CVE 9.9 CRITICAL

CVE-2025-69691_CVE-2025-69691

May 8, 2026 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

AI Analysis

Code execution vulnerability in the XMLRPC API via pfsense.exec_php

Basic Information

ID CVE-2025-69691

Source mitre

Published May 8, 2026 at 00:00

Modified May 8, 2026 at 21:29

Affected Product

Vendor Netgate

Product pfSense CE

Version 2.8.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-284 CWE-915

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Netgate

Product pfSense CE

Version 2.8.0

References

{
    "lastseen": "",
    "description": "Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.",
    "published": "2026-05-08T00:00:00.000Z",
    "modified": "2026-05-08T21:29:04.070Z",
    "type": "cve",
    "title": "CVE-2025-69691",
    "source": "mitre",
    "references": "https://www.linkedin.com/in/nelson-adhepeau/\nhttps://seclists.org/fulldisclosure/2026/Feb/16",
    "id": "CVE-2025-69691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-915"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pfSense CE",
    "version": "2.8.0",
    "vendor": "Netgate",
    "ai_description": "Code execution vulnerability in the XMLRPC API via pfsense.exec_php",
    "ai_severity": "Critical",
    "ai_vendor": "Netgate",
    "ai_product": "pfSense CE",
    "ai_version": "2.8.0",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply