Critical9.9Netgate pfSense Updated
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php.
CVE-2025-69691 Published May 8, 2026Updated by vendor Jun 17, 2026
CVE-2025-69691
Affected products & platforms
Netgate pfSenseUnclassified
Summary
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · medium-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.