CVE-2025-53392 Information

Description

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier’s perspective is that this is intended behavior for this privilege level and that system administrators are informed through both the product documentation and UI.

Reference

https://github.com/skraft9/pfsense-security-research

CNNVD-202506-3656 (Published: 2025-06-28)