Unrated severityNVD Advisory· Published Mar 9, 2026· Updated Mar 10, 2026
Remote code execution via ND6 Router Advertisements
CVE-2025-14558
Description
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.ascmitrevendor-advisory
News mentions
0No linked articles in our index yet.