CVE-2025-69690
Netgate · pfSense CE
Netgate pfSense CE 2.7.2 is vulnerable to arbitrary code execution via the module installer when processing a maliciously crafted serialized PHP object.
Executive summary
A critical remote code execution vulnerability in Netgate pfSense CE 2.7.2 could allow authenticated administrators to execute arbitrary PHP code on the underlying system.
Vulnerability
This vulnerability is an insecure deserialization flaw in the module installer, which can be triggered by providing a backup file containing a malicious serialized PHP object. Exploitation requires an authenticated administrator session.
Business impact
The vulnerability carries a CVSS score of 9.1, reflecting its critical potential for full system compromise. While the vendor disputes the finding, arguing that administrative access is required and intended, any unauthorized or coerced administrative access would allow an attacker to gain complete control over the network gateway, leading to total data interception or network disruption.
Remediation
Immediate Action: Review current security policies regarding administrative access and ensure that only authorized personnel have access to the module installer and backup restoration functions.
Proactive Monitoring: Monitor system logs for unauthorized access to the module installation interface and investigate any irregular or high-privilege activity performed by administrative accounts.
Compensating Controls: Restrict access to the pfSense web interface to trusted management IP addresses to prevent unauthorized administrative sessions.
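Pre-restore check (added example, not part of the original advisory and not Netgate code): the script below scans a backup file's bytes for PHP serialize() object tokens, both in the clear and inside base64 runs, so an administrator can review them before restoring. It assumes nothing about the pfSense backup schema; the sample input, its tag names, the class names and the base64 length threshold are constructed for illustration, and a hit is a prompt for review, not proof of malice.

```python
import base64
import binascii
import re

# PHP serialize() object tokens: O:<len>:"<Class>":<count>:{ and C:<len>:"<Class>":<len>:{
OBJECT_TOKEN = re.compile(
    rb'(?<![A-Za-z0-9])[OC]:(\d+):"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')
# Base64 runs long enough to hide an object token (threshold is an assumption).
B64_RUN = re.compile(rb'[A-Za-z0-9+/]{24,}={0,2}')


def find_php_objects(data: bytes, depth: int = 0) -> list:
    """Return sorted (class_name, where) pairs for serialized PHP objects in data."""
    where = "plain" if depth == 0 else "base64"
    hits = set()
    for m in OBJECT_TOKEN.finditer(data):
        declared, name = int(m.group(1)), m.group(2)
        if declared == len(name):  # PHP reads the class name by its declared length
            hits.add((name.decode("ascii"), where))
    if depth < 2:  # follow at most two layers of base64 wrapping
        for run in B64_RUN.finditer(data):
            raw = run.group(0).rstrip(b"=")
            if len(raw) % 4 == 1:  # one leftover character cannot be decoded
                raw = raw[:-1]
            raw += b"=" * (-len(raw) % 4)  # restore canonical padding
            try:
                decoded = base64.b64decode(raw, validate=True)
            except (binascii.Error, ValueError):
                continue
            hits.update(find_php_objects(decoded, depth + 1))
    return sorted(hits)


# Constructed sample; the tag names are hypothetical, not pfSense's backup schema.
_INNER = b'a:1:{i:0;O:13:"ExampleWidget":1:{s:4:"name";s:4:"test";}}'
SAMPLE_BACKUP = (b'<config><note>O:8:"stdClass":0:{}</note><blob>'
                 + base64.b64encode(_INNER) + b"</blob></config>")

if __name__ == "__main__":
    for cls, where in find_php_objects(SAMPLE_BACKUP):
        print(f"serialized object of class {cls!r} found ({where}); review before restoring")
```

The scan is a heuristic: a base64 run that is glued to surrounding alphanumeric text decodes out of alignment and is missed, and other encodings are not followed.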
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the severity of this vulnerability, administrators should prioritize the principle of least privilege for all administrative accounts. While the vendor considers this a design feature, organizations must treat this as a high-risk vector for lateral movement and system compromise.