Directory Traversal Vulnerability in Deciso OPNsense
CVE-2025-13698

4.5 MEDIUM

Key Information:

Vendor

Deciso

Status
Vendor
CVE Published:
23 December 2025

What is CVE-2025-13698?

A directory traversal vulnerability exists in the Deciso OPNsense backup functionality, allowing network-adjacent attackers to create arbitrary files on affected installations. The issue arises from inadequate validation of user-supplied paths during file operations within the diag_backup.php component. An attacker exploiting this flaw can potentially write files with root privileges, which poses a significant security risk to the system. Exploitation requires authentication, which makes securing user credentials and monitoring access logs important.
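The kind of path validation whose absence the description points to, as an added example: this is not OPNsense code and does not reflect the vendor's fix. The function resolveBackupPath(), the scratch directory and the sample names are hypothetical and constructed for illustration; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Map a user-supplied backup name to a path inside $baseDir,
 * or throw if the result could land anywhere else.
 */
function resolveBackupPath(string $baseDir, string $name): string
{
    // Allow-list: a plain file name only, so no separators, NUL bytes or leading dots.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $name) || str_contains($name, '..')) {
        throw new InvalidArgumentException('invalid backup name');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('backup directory missing');
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $name;
    // An existing entry may be a symlink: resolve it before checking containment.
    $real = (file_exists($candidate) || is_link($candidate)) ? realpath($candidate) : $candidate;
    if ($real === false || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        throw new InvalidArgumentException('path escapes backup directory');
    }
    return $real;
}

// Constructed demo input: a scratch directory and a mix of names.
$dir = sys_get_temp_dir() . '/backup-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
symlink('/etc', $dir . '/escape'); // existing symlink that points outside the directory

$names = ['config-2025-12-23.xml', '../../usr/local/etc/x', 'a/b.xml', '..', 'escape'];
foreach ($names as $name) {
    try {
        echo str_pad($name, 26), ' -> ', resolveBackupPath($dir, $name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo str_pad($name, 26), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}

unlink($dir . '/escape');
rmdir($dir);
```

Only the first name is accepted; the symlink case shows why a character allow-list alone is not enough when the process writes as root.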

Affected Version(s)

OPNsense 25.7

CVSS V3.0

Score:
4.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
