Security Advisory

CVE-2025-53392

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-28 00:00:00

Last updated 2025-06-30 13:32:27

Assigner mitre

State PUBLISHED

Description

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Suppliers perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

← Browse all CVEs View on cve.org ↗