CVE-2025-53392
MEDIUM 5.0
Description
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
CVE Details
CVSS v3.1 score: 5.0
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/28/2025
Last modified: 10/15/2025
Source: nvd
Honeypot sightings: 0
Affected products
pfsense:pfsense
Weaknesses (CWE)
CWE-36
References
https://github.com/skraft9/pfsense-security-research (cve@mitre.org)
https://github.com/skraft9/pfsense-security-research (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.