Vulnerability Details CVE-2025-69691
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.8%
CVSS Severity
CVSS v3 Score 9.9
References