CNNVD-202512-4084 Information

CNNVD ID

CNNVD-202512-4084

Related CVE

CVE-2025-13698

• CNNVD Published: 2025-12-23

Description (Chinese)

Deciso OPNsense是荷兰Deciso公司的一个防火墙与路由器操作系统。 Deciso OPNsense存在路径遍历漏洞，该漏洞源于处理备份配置文件时缺乏对用户提供路径的验证，可能导致任意文件创建。

Description (English)

Deciso OPNsense is a firewall and router operating system of the Dutch company Deciso. Deciso OPNsense has a loophole in the path, which results from the lack of validation of the path provided by the user while processing the backup profile, which may lead to the creation of any file.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Deciso

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/opnsense/core/commit/cb15c935137d05c86a1e6cf12af877e9c32a23af https://www.zerodayinitiative.com/advisories/ZDI-25-1022/

Patch

https://github.com/opnsense/core/commit/cb15c935137d05c86a1e6cf12af877e9c32a23af