Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability
CVE-2025-13698

4.5MEDIUM

Key Information:

Vendor: Deciso
Status: Opnsense
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-13698?

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of backup configuration files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root. Was ZDI-CAN-28133.

Affected Version(s)

OPNsense 25.7

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1022/

x_research-advisory

https://github.com/opnsense/core/commit/cb15c935137d05c86...

vendor-advisory

CVSS V3.0

Score:

4.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Nov 25, 2025

JSON