Netgate Pfsense vulnerabilities

CVE-2025-12490 [HIGH] CWE-22 CVE-2025-12490: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability a Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata package. The issue results from the lack of proper vali

CVE-2025-53392 [MEDIUM] CWE-36 CVE-2025-53392: In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

CVE-2024-46538 [MEDIUM] CWE-79 CVE-2024-46538: A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary w A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.

CVE-2023-48123 [HIGH] CVE-2023-48123: An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacke An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

CVE-2023-42326 [HIGH] CWE-77 CVE-2023-42326: An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

CVE-2023-42325 [MEDIUM] CWE-79 CVE-2023-42325: Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.

CVE-2023-42327 [MEDIUM] CWE-79 CVE-2023-42327: Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.

CVE-2020-21487 [CRITICAL] CWE-79 CVE-2020-21487: Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows at Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.

CVE-2023-27253 [HIGH] CWE-91 CVE-2023-27253: A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

CVE-2022-29273 [MEDIUM] CWE-79 CVE-2022-29273: pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias U pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

CVE-2020-21219 [MEDIUM] CWE-79 CVE-2020-21219: Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME packa Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

CVE-2022-26019 [HIGH] CWE-22 CVE-2022-26019: Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions p Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.

CVE-2022-24299 [HIGH] CWE-20 CVE-2022-24299: Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.

CVE-2020-19201 [MEDIUM] CWE-79 CVE-2020-19201: A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in t A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules.

CVE-2020-19203 [MEDIUM] CWE-79 CVE-2020-19203: An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_w An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.

CVE-2020-10797 [MEDIUM] CWE-79 CVE-2020-10797: An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.

CVE-2020-11457 [MEDIUM] CWE-79 CVE-2020-11457: pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr p pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

CVE-2019-16915 [CRITICAL] CWE-22 CVE-2019-16915: An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the wid An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

CVE-2019-16667 [HIGH] CWE-352 CVE-2019-16667: diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as dem diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.

CVE-2019-16914 [MEDIUM] CWE-79 CVE-2019-16914: An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the user An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.