Description

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands passed as input to resolvconf(8) may be executed.

PUBLISHED Reserved 2025-12-12 | Published 2026-03-09 | Updated 2026-03-10 | Assigner freebsd

Problem types

CWE-20 Improper Input Validation

Product status

Default status: unknown

15.0-RELEASE (release) before p1: affected

14.3-RELEASE (release) before p7: affected

13.5-RELEASE (release) before p8: affected

Credits

Kevin Day (finder)

References

sploitus.com/...EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT- (exploit)

security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.asc (vendor-advisory)

cve.org (CVE-2025-14558)

nvd.nist.gov (CVE-2025-14558)