Critical severity9.9NVD Advisory· Published May 8, 2026· Updated May 12, 2026
CVE-2025-69691
CVE-2025-69691
Description
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- seclists.org/fulldisclosure/2026/Feb/16nvdExploitMailing ListThird Party Advisory
- www.linkedin.com/in/nelson-adhepeau/nvdNot Applicable
News mentions
0No linked articles in our index yet.