CVE-2025-12490

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-12490

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12490.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-12490

Published

2025-11-06T20:15:46.643Z

Modified

2026-03-14T12:45:34.318014Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability.

The specific flaw exists within the Suricata package. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root. Was ZDI-CAN-28085.

References

Affected packages

Git / github.com/pfsense/freebsd-ports

Affected ranges

Type: GIT
Repo: https://github.com/pfsense/freebsd-ports
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

36b2303dfca35a1183d76f26bcc6ce26d4ea682d

Affected versions

Other

END-OF-2015Q4

devel_before_hashes_changed

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12490.json"