CVE-2025-69690: n/a
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
AI Analysis
Technical Summary
CVE-2025-69690 describes a potential code execution issue in Netgate pfSense CE 2.7.2. The vulnerability arises when the module installer processes a backup file containing a serialized PHP object with a specific property (post_reboot_commands), which could lead to code execution. However, the vendor disputes this as a vulnerability because the installer functionality is restricted to administrative users who inherently have permission to execute PHP code, implying this behavior is by design rather than a security flaw.
Potential Impact
If exploited, this could allow an administrator with access to the module installer to execute arbitrary PHP code via crafted backup files. Since the installer is restricted to admins, the impact is limited to authorized users and does not represent an escalation of privileges or remote code execution by unauthorized actors. There are no known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Given the vendor's position that this behavior is intentional and limited to admin users, no immediate action may be required beyond ensuring that administrative access is tightly controlled and monitored.
CVE-2025-69690: n/a
Description
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-69690 describes a potential code execution issue in Netgate pfSense CE 2.7.2. The vulnerability arises when the module installer processes a backup file containing a serialized PHP object with a specific property (post_reboot_commands), which could lead to code execution. However, the vendor disputes this as a vulnerability because the installer functionality is restricted to administrative users who inherently have permission to execute PHP code, implying this behavior is by design rather than a security flaw.
Potential Impact
If exploited, this could allow an administrator with access to the module installer to execute arbitrary PHP code via crafted backup files. Since the installer is restricted to admins, the impact is limited to authorized users and does not represent an escalation of privileges or remote code execution by unauthorized actors. There are no known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Given the vendor's position that this behavior is intentional and limited to admin users, no immediate action may be required beyond ensuring that administrative access is tightly controlled and monitored.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd8104cbff5d86109f55c4
Added to database: 5/8/2026, 6:21:56 AM
Last enriched: 5/8/2026, 6:36:51 AM
Last updated: 5/8/2026, 11:25:40 PM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.