Vulnerabilities

CVE-2025-53392

by Fred · 28/06/2025

In Netgate pfSense CE 2.8.0, the “WebCfg – Diagnostics: Command” privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier’s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

More information : https://github.com/skraft9/pfsense-security-research

Similar

Tags: Cybersecurity Alert