CVE-2025-69690: pfsense vulnerability

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins an...
CVE-2025-69690CVSS 9.1Web

CVE-2025-69690: pfsense vulnerability

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins an...

CVSS
9.1 CRITICAL
EPSS
45.96%
Known exploited
not in KEV
Product
pfsense

What is known

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.

Sources