Platform: freebsd
Component: suricata
Fixed in: 2.8.2
CVE-2025-12490 is a Remote Code Execution (RCE) vulnerability affecting Suricata installations within Netgate pfSense CE. This flaw allows authenticated attackers to create arbitrary files on the system, potentially leading to complete system compromise. The vulnerability impacts pfSense versions 7.0.8_3–pfSense 2.8.1 and the Suricata package 7.0.8_3. A fix is available in pfSense 2.8.2.
Successful exploitation of CVE-2025-12490 allows an attacker to execute arbitrary code with root privileges on the affected pfSense firewall. This could lead to complete system takeover, data exfiltration, and disruption of network services. The ability to create arbitrary files as root significantly expands the attacker's capabilities, enabling them to install malware, modify system configurations, and potentially pivot to other systems on the network. This vulnerability is similar in impact to other path traversal vulnerabilities where attackers gain elevated privileges through file manipulation.
CVE-2025-12490 was initially reported to ZDI (ZDI-CAN-28085). The vulnerability is considered to have a medium probability of exploitation given the requirement for authentication. Public proof-of-concept code is not currently available, but the path traversal nature of the vulnerability makes it likely that such code will emerge. This CVE was published on 2025-11-06.
Organizations running pfSense firewalls with Suricata enabled, particularly those using versions 7.0.8_3–pfSense 2.8.1, are at risk. Shared hosting environments where multiple users have access to Suricata configuration are also particularly vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• freebsd / server:
journalctl -u suricata | grep -i "path traversal"
• freebsd / server:
lsof | grep -i '/usr/local/suricata/' | grep -i 'root'
• freebsd / server:
find / -name '*created_by_attacker*' -user root
EPSS: 26.70% (96th percentile)
The primary mitigation for CVE-2025-12490 is to upgrade to pfSense version 2.8.2 or later, which includes the necessary fix. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to Suricata configuration interfaces to trusted users only. Reviewing Suricata configuration files for any unusual or unauthorized file creations can also help detect potential compromise. After upgrading, confirm the fix by attempting to create a file in a restricted directory via the Suricata configuration interface; the attempt should be denied.
Update the Suricata package to the fixed version provided by Netgate for pfSense. This resolves the path traversal vulnerability that allows arbitrary file creation. See the Netgate security advisory for specific update instructions.
CVE-2025-12490 is a Remote Code Execution vulnerability in Suricata installations within Netgate pfSense CE, allowing authenticated attackers to create arbitrary files as root.
You are affected if you are running pfSense versions 7.0.8_3–pfSense 2.8.1 and the Suricata package 7.0.8_3.
Upgrade to pfSense version 2.8.2 or later to resolve the vulnerability. Restrict access to Suricata configuration interfaces as a temporary workaround.
While public proof-of-concept code is not currently available, the vulnerability's nature suggests potential for exploitation.
Refer to the official Netgate pfSense security advisory for CVE-2025-12490 on the pfSense website.