Critical severity9.1NVD Advisory· Published May 8, 2026· Updated May 12, 2026
CVE-2025-69690
CVE-2025-69690
Description
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- seclists.org/fulldisclosure/2026/Feb/16nvdExploitMailing ListThird Party Advisory
- www.linkedin.com/in/nelson-adhepeau/nvdNot Applicable
News mentions
0No linked articles in our index yet.