CVE-2025-50989

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50989
OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/4rdr/proofs/blob/main/info/OPNsense-25.1-Command-Injection-via-span-parameter.md
Configurations

No configuration.

History

29 Aug 2025, 16:24

Type Values Removed Values Added
Summary
  • (es) OPNsense 25.1 contiene una vulnerabilidad de inyección de comandos autenticados en su endpoint Bridge Interface Edit (interfaces_bridge_edit.php). El parámetro POST span se concatena en un comando a nivel de sistema sin la debida depuración ni escape, lo que permite a un administrador inyectar operadores de shell y payloads arbitrarias. Una explotación exitosa otorga a RCE los privilegios del servicio web (normalmente root), lo que podría provocar la vulneración total del sistema o un desplazamiento lateral. Esta vulnerabilidad surge de una validación de entrada inadecuada y del manejo incorrecto de los datos proporcionados por el usuario en las invocaciones de comandos del backend.

27 Aug 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-27 15:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-50989

Mitre link : CVE-2025-50989

CVE.ORG link : CVE-2025-50989

JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')