OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
History

Wed, 27 Aug 2025 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Opnsense
Opnsense opnsense
Vendors & Products Opnsense
Opnsense opnsense

Wed, 27 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
Description OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-27T14:48:37.186Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50989

cve-icon Vulnrichment

Updated: 2025-08-27T14:47:28.729Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-27T15:15:38.857

Modified: 2025-08-29T16:24:09.860

Link: CVE-2025-50989

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-27T21:57:27Z