Vulnerability Details CVE-2025-69690
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.3%
CVSS Severity
CVSS v3 Score 9.1
References