Vulnerability Details CVE-2025-14558
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.416
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 7.2