CVE-2025-69691 | THREATINT

Description

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

PUBLISHED Reserved 2026-01-09 | Published 2026-05-08 | Updated 2026-05-08 | Assigner mitre

References

seclists.org/fulldisclosure/2026/Feb/16 exploit

www.linkedin.com/in/nelson-adhepeau/

seclists.org/fulldisclosure/2026/Feb/16

cve.org (CVE-2025-69691)

nvd.nist.gov (CVE-2025-69691)

Download JSON