CNNVD-202508-3226 Information

CNNVD ID

CNNVD-202508-3226

CVE-2025-50989

  • CNNVD Published: 2025-08-27

Description

Deciso OPNsense is an open-source firewall and routing software suite based on FreeBSD, developed by Deciso, a company based in the Netherlands. Deciso OPNsense version 25.1 contains an operating system command injection vulnerability. The vulnerability stems from improper handling of the span parameter in the Bridge Interface Edit endpoint, which may lead to command injection attacks.

Hazard Level

Medium

Vulnerability Type

OS command injection

Affected Vendor

Deciso

Published

2025-08-27

Last Modified

2026-02-24

References

https://github.com/4rdr/proofs/blob/main/info/OPNsense-25.1-Command-Injection-via-span-parameter.md
https://github.com/opnsense/changelog/blob/640e96ed6a783254283aead0d0b744fc9143ce6d/community/25.1/25.1.8#L34
https://nvd.nist.gov/vuln/detail/CVE-2025-50989

Patch

https://opnsense.org/download/
