CVE-2025-14558

This is a functional exploit for CVE-2025-14558, targeting a command injection vulnerability in FreeBSD's rtsold via maliciously crafted DNSSL options in IPv6 Router Advertisements. The PoC uses Scapy to send packets with embedded shell metacharacters, achieving remote code execution on vulnerable systems.

This is a functional proof-of-concept exploit for CVE-2025-14558, demonstrating remote command injection via crafted IPv6 Router Advertisement packets targeting FreeBSD's rtsold service. It uses Scapy to send malicious DNSSL options that trigger command execution as root.

This Metasploit module exploits CVE-2025-14558, a command injection vulnerability in FreeBSD's rtsol(8) and rtsold(8) via malformed DNSSL options in IPv6 Router Advertisement packets. The exploit sends crafted packets to trigger command execution via shell substitution in resolvconf(8).

This exploit leverages a command injection vulnerability in FreeBSD's rtsold via maliciously crafted DNSSL options in IPv6 Router Advertisement packets. The payload is encoded to bypass shell metacharacter validation and achieve remote code execution through resolvconf's unquoted variable expansion.