CVE-2025-69690

CRITICAL

Netgate pfSense CE 2.7.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-69690. PoCs published by privlabs.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of two authenticated RCE vulnerabilities in Netgate pfSense Community Edition (CVE-2025-69690 and CVE-2025-69691), including attack flows, affected components, and proof-of-concept payloads.

Description

Netgate pfSense CE 2.7.2 allows code execution through the module installer when it is given a backup file containing a serialized PHP object with a post_reboot_commands property. NOTE: the supplier disputes this because the installer is only available to admins, who are intentionally allowed to execute PHP code. In practice the issue is therefore post-authentication: an attacker needs admin credentials and access to the web interface or XMLRPC API (reflected by PR:H in the CVSS vector), and the gap between "admin of the firewall" and "shell on the firewall" is what the PoC demonstrates.
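The check a defender would want here is a way to inspect a backup file before it is fed to the installer. The following is an added example, not code from this page, from Netgate, or from the privlabs repository: a small Python scanner that parses PHP serialized data (the N, i, b, d, s, a and O types) and reports every object that carries a post_reboot_commands property, including protected or private variants whose names are NUL-prefixed in the serialized form. The sample backup blob is constructed; the real backup file layout is not given on this page, so if the serialized object is wrapped in another encoding it must be decoded before scanning.

```python
import re
from typing import Any, Dict, List, Tuple


class PhpObject:
    """Minimal representation of a deserialized PHP object (class name + properties)."""

    def __init__(self, cls: str, props: Dict[Any, Any]) -> None:
        self.cls = cls
        self.props = props


def _parse(data: bytes, pos: int) -> Tuple[Any, int]:
    """Parse one PHP serialized value starting at data[pos]; return (value, next_pos)."""
    t = data[pos:pos + 1]
    if t == b"N":                                   # "N;" -> null
        return None, pos + 2
    if t in (b"i", b"d", b"b"):                     # "i:42;" / "d:1.5;" / "b:1;"
        end = data.index(b";", pos)
        raw = data[pos + 2:end]
        if t == b"i":
            return int(raw), end + 1
        if t == b"d":
            return float(raw), end + 1
        return raw == b"1", end + 1
    if t == b"s":                                   # s:<len>:"<bytes>";  (len counts bytes)
        colon = data.index(b":", pos + 2)
        n = int(data[pos + 2:colon])
        start = colon + 2                           # skip ':"'
        raw = data[start:start + n]
        if data[start + n:start + n + 2] != b'";':
            raise ValueError("bad string terminator at %d" % start)
        return raw.decode("utf-8", "replace"), start + n + 2
    if t == b"a":                                   # a:<count>:{key;value;...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                             # skip ':{'
        arr: Dict[Any, Any] = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            val, pos = _parse(data, pos)
            arr[key] = val
        return arr, pos + 1                         # skip '}'
    if t == b"O":                                   # O:<len>:"<class>":<count>:{...}
        colon = data.index(b":", pos + 2)
        n = int(data[pos + 2:colon])
        cls = data[colon + 2:colon + 2 + n].decode("utf-8")
        pos = colon + 2 + n + 2                     # skip '":' after the class name
        colon2 = data.index(b":", pos)
        count = int(data[pos:colon2])
        pos = colon2 + 2                            # skip ':{'
        props: Dict[Any, Any] = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            val, pos = _parse(data, pos)
            props[key] = val
        return PhpObject(cls, props), pos + 1
    raise ValueError("unsupported type %r at %d" % (t, pos))


def _objects(value: Any):
    """Yield every PhpObject reachable from value (objects nested in arrays included)."""
    if isinstance(value, PhpObject):
        yield value
        for v in value.props.values():
            yield from _objects(v)
    elif isinstance(value, dict):
        for v in value.values():
            yield from _objects(v)


def find_dangerous_properties(blob: bytes, prop: str = "post_reboot_commands") -> List[Tuple[str, Any]]:
    """Scan a raw backup blob for serialized PHP objects that carry the named property.

    Returns (class_name, property_value) for each hit. Protected ("\\0*\\0name") and
    private ("\\0Class\\0name") property names are normalised before comparison.
    """
    hits: List[Tuple[str, Any]] = []
    covered_until = 0                               # avoid re-parsing objects nested in an earlier hit
    for m in re.finditer(rb'O:\d+:"', blob):
        if m.start() < covered_until:
            continue
        try:
            value, end = _parse(blob, m.start())
        except (ValueError, IndexError, UnicodeDecodeError):
            continue                                # not a well-formed serialized object here
        covered_until = end
        for obj in _objects(value):
            for key, val in obj.props.items():
                if isinstance(key, str) and key.rsplit("\0", 1)[-1] == prop:
                    hits.append((obj.cls, val))
    return hits


# Constructed sample (hypothetical, not a real pfSense backup): one benign object,
# one with a public post_reboot_commands string, one with a protected array-valued variant.
SAMPLE_BACKUP = (
    b"header line\n"
    b'O:8:"stdClass":1:{s:4:"name";s:3:"foo";}\n'
    b'O:8:"stdClass":1:{s:20:"post_reboot_commands";s:13:"touch /tmp/pw";}\n'
    b'O:8:"stdClass":1:{s:23:"\x00*\x00post_reboot_commands";a:1:{i:0;s:2:"id";}}\n'
    b"trailer line\n"
)

if __name__ == "__main__":
    for cls, val in find_dangerous_properties(SAMPLE_BACKUP):
        print("FLAGGED: class=%s post_reboot_commands=%r" % (cls, val))
```

Run it against a backup before importing it; any hit means the file would hand the installer commands to execute, which an admin restoring a backup from an untrusted source (or a compromised admin session) should never do silently.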

Exploits (1)

github WRITEUP
by privlabs · poc
https://github.com/privlabs/CVE-2025-69690-CVE-2025-69691


Classification
Writeup 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Netgate pfSense Community Edition 2.7.2 and 2.8.0
Auth required
Prerequisites: admin credentials · access to pfSense web interface or XMLRPC API
devstral-2 · analyzed May 17, 2026

Scores

CVSS v3.1 9.1
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-502 CWE-915
Status published
Products (1)
pfsense/pfsense 2.7.2
Published May 08, 2026
Tracked Since May 08, 2026