CVE-2025-50989

CRITICAL EPSS 94.0%
Published Aug 27, 202510mo ago · Modified Jun 17, 20261w ago
9.1 CVSS 3.1
Critical
Find Similar
Published Aug 27, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation results in remote code execution with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.

CVSS Details

Base Score
9.1
Exploitability
2.3
Impact
6.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
94.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-77 Command Injection Injection
CWE-78 OS Command Injection Injection

Affected Products 1

VendorProductVersionRange
opnsenseopnsense* <25.1.8

References 2

  • github.com https://github.com/4rdr/proofs/blob/main/info/OPNsense-25.1-Command-Injection-via-span-parameter.md
    ExploitThird Party Advisory
  • github.com https://github.com/opnsense/changelog/blob/640e96ed6a783254283aead0d0b744fc9143ce6d/community/25.1/25.1.8#L34
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.