Platform: freebsd
Component: suricata
Fixed in: 2.8.2
CVE-2025-12490 is a Remote Code Execution (RCE) vulnerability affecting Suricata installations within Netgate pfSense CE. This flaw allows authenticated attackers to create arbitrary files on the system, potentially leading to complete system compromise. The vulnerability impacts pfSense versions 7.0.8_3–pfSense 2.8.1 and the Suricata package 7.0.8_3. A fix is available in pfSense 2.8.2.
Successful exploitation of CVE-2025-12490 allows an attacker to execute arbitrary code with root privileges on the affected pfSense system. This could lead to complete system takeover, data exfiltration, and the installation of persistent backdoors. The ability to create files as root significantly expands the attacker's capabilities, enabling them to modify system configurations, install malicious software, and pivot to other systems on the network. Given pfSense's role as a firewall and network gateway, a successful compromise could have a wide-ranging impact, affecting all systems behind the firewall.
This vulnerability was reported to Netgate via ZDI-CAN-28085. Public proof-of-concept code is not currently available, but the path traversal nature of the vulnerability suggests that exploitation is likely to become easier over time. The vulnerability is not currently listed on CISA KEV, but its HIGH severity warrants close monitoring. The requirement for authentication limits the immediate exploitability, but could be bypassed in environments with compromised user accounts.
Organizations running pfSense firewalls with Suricata enabled, particularly those using versions 7.0.8_3–pfSense 2.8.1, are at risk. Shared hosting environments where multiple users have access to Suricata configuration are also particularly vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• freebsd / server:
journalctl -u suricata | grep -i "path traversal"
• freebsd / server:
lsof | grep -i '/usr/local/suricata/' | grep -i 'root'
• freebsd / server:
find / -name '*created_by_attacker*' -user root
EPSS: 26.70% (96th percentile)
The primary mitigation for CVE-2025-12490 is to upgrade to pfSense version 2.8.2 or later, which includes a fix for the path traversal vulnerability. If an immediate upgrade is not possible, consider implementing stricter file access controls on the Suricata installation directory to limit the attacker's ability to create arbitrary files. While not a complete solution, this can reduce the potential impact. Monitor system logs for suspicious file creation activity, particularly in unexpected locations. After upgrading, confirm the fix by attempting to create a file in a restricted directory via the Suricata interface; the operation should fail.
Update the Suricata package to the fixed version provided by Netgate for pfSense. This resolves the path traversal vulnerability that allows arbitrary file creation. See the Netgate security announcement for specific update instructions.
CVE-2025-12490 is a Remote Code Execution vulnerability in Suricata installations within Netgate pfSense CE, allowing authenticated attackers to create arbitrary files as root.
You are affected if you are running pfSense versions 7.0.8_3–pfSense 2.8.1 and the Suricata package 7.0.8_3.
Upgrade to pfSense version 2.8.2 or later to resolve the vulnerability. Restrict access to Suricata configuration interfaces as a temporary workaround.
While public proof-of-concept code is not currently available, the vulnerability's nature suggests potential for exploitation.
Refer to the official Netgate pfSense security advisory for CVE-2025-12490 on the pfSense website.