Critical9.1Netgate pfSense Updated
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object co…
CVE-2025-69690 Published May 8, 2026Updated by vendor Jun 17, 2026
CVE-2025-69690
Affected products & platforms
Netgate pfSenseUnclassified
Summary
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · medium-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.