CVE-2025-53392 MEDIUM

Vendor: Netgate
Product: pfSense
Weakness: CWE-36
Published: June 28, 2025
Last update: June 30, 2025

CVSS base score

5.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

Key dates

02 Disclosure timeline

June 28, 2025: CVE published
June 30, 2025: Record updated