← Zuruck zu CVEs
CVE-2025-53392
MEDIUM5.0
Beschreibung
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
CVE Details
CVSS v3.1 Bewertung5.0
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht6/28/2025
Zuletzt geandert10/15/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
pfsense:pfsense
Schwachen (CWE)
CWE-36
Referenzen
https://github.com/skraft9/pfsense-security-research(cve@mitre.org)
https://github.com/skraft9/pfsense-security-research(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.