CVE-2025-53392 (GCVE-0-2025-53392)
Vulnerability from cvelistv5
Published
2025-06-28 00:00
Modified
2025-06-30 13:32
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CWE
  • CWE-36 - Absolute Path Traversal
Summary
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
References
Impacted products
Vendor Product Version
Netgate pfSense Version: 2.8.0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53392",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T13:27:04.222331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T13:32:27.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/skraft9/pfsense-security-research"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "pfSense",
          "vendor": "Netgate",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.8.0",
                  "versionStartIncluding": "2.8.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Netgate pfSense CE 2.8.0, the \"WebCfg - Diagnostics: Command\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-28T22:27:49.881Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/skraft9/pfsense-security-research"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-53392",
    "datePublished": "2025-06-28T00:00:00.000Z",
    "dateReserved": "2025-06-28T00:00:00.000Z",
    "dateUpdated": "2025-06-30T13:32:27.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53392\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-06-28T23:15:21.503\",\"lastModified\":\"2025-06-30T18:38:23.493\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Netgate pfSense CE 2.8.0, the \\\"WebCfg - Diagnostics: Command\\\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.\"},{\"lang\":\"es\",\"value\":\"En Netgate pfSense CE 2.8.0, el privilegio \\\"WebCfg - Diagn\u00f3stico: Comando\\\" permite leer archivos arbitrarios mediante la navegaci\u00f3n del directorio diag_command.php dlPath. NOTA: El proveedor considera que este es el comportamiento previsto para este nivel de privilegio y que los administradores del sistema est\u00e1n informados a trav\u00e9s de la documentaci\u00f3n del producto y la interfaz de usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-36\"}]}],\"references\":[{\"url\":\"https://github.com/skraft9/pfsense-security-research\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/skraft9/pfsense-security-research\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53392\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-30T13:27:04.222331Z\"}}}], \"references\": [{\"url\": \"https://github.com/skraft9/pfsense-security-research\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-30T13:28:00.748Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Netgate\", \"product\": \"pfSense\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://github.com/skraft9/pfsense-security-research\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Netgate pfSense CE 2.8.0, the \\\"WebCfg - Diagnostics: Command\\\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-36\", \"description\": \"CWE-36 Absolute Path Traversal\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"2.8.0\", \"versionStartIncluding\": \"2.8.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-28T22:27:49.881Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53392\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-30T13:32:27.839Z\", \"dateReserved\": \"2025-06-28T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-06-28T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.