Path Traversal Vulnerability in Netgate pfSense CE Suricata Package
CVE-2025-12490

8.8HIGH

Key Information:

Vendor: Netgate
Status: Pfsense
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-12490?

A path traversal vulnerability exists within the Suricata package of Netgate pfSense CE, allowing remote attackers, authenticated to the system, to create arbitrary files. The flaw arises from inadequate validation of user-supplied paths before performing file operations. This vulnerability enables attackers to execute code with root privileges, potentially compromising the entire system.

Affected Version(s)

pfSense pfSense 2.8.1, Suricata package 7.0.8_3

References

https://www.zerodayinitiative.com/advisories/ZDI-25-979/

x_research-advisory

https://github.com/pfsense/FreeBSD-ports/commit/36b2303df...

vendor-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 29, 2025

JSON