CVE-2025-69690
CRITICAL
9,1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
Single Data Point
Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.
502
Deserialization of Untrusted Data
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Application Data
Unexpected State
Dos: Resource Consumption (Cpu)
Varies By Context
Applicable Platforms
Languages:
Java, JavaScript, PHP, Python, Ruby
Technologies:
AI/ML, ICS/OT, Not Technology-Specific
915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Other
Potential Impacts:
Modify Application Data
Execute Unauthorized Code Or Commands
Varies By Context
Alter Execution Logic
Applicable Platforms
Languages:
ASP.NET, Not Language-Specific, PHP, Python, Ruby
https://seclists.org/fulldisclosure/2026/Feb/16
https://seclists.org/fulldisclosure/2026/Feb/16
https://www.linkedin.com/in/nelson-adhepeau/