CVE 9.1 CRITICAL

CVE-2025-69690_CVE-2025-69690

May 8, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.

AI Analysis

Code execution vulnerability in pfSense CE 2.7.2 via the module installer with a malicious backup file

Basic Information

ID CVE-2025-69690

Source mitre

Published May 8, 2026 at 00:00

Modified May 8, 2026 at 21:29

Affected Product

Vendor Netgate

Product pfSense CE

Version 2.7.2

Affected Versions n/a n/a n/a

CWE Classification

CWE-502 CWE-915

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Netgate

Product pfSense CE

Version 2.7.2

References

{
    "lastseen": "",
    "description": "Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.",
    "published": "2026-05-08T00:00:00.000Z",
    "modified": "2026-05-08T21:29:10.073Z",
    "type": "cve",
    "title": "CVE-2025-69690",
    "source": "mitre",
    "references": "https://www.linkedin.com/in/nelson-adhepeau/\nhttps://seclists.org/fulldisclosure/2026/Feb/16",
    "id": "CVE-2025-69690",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-915"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pfSense CE",
    "version": "2.7.2",
    "vendor": "Netgate",
    "ai_description": "Code execution vulnerability in pfSense CE 2.7.2 via the module installer with a malicious backup file",
    "ai_severity": "Critical",
    "ai_vendor": "Netgate",
    "ai_product": "pfSense CE",
    "ai_version": "2.7.2",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply