CVE-2025-53392 — MEDIUM (5.0)

Vulnerability Description

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pfsense	Pfsense	2.8.0

Related Weaknesses (CWE)

CWE-36

References

https://github.com/skraft9/pfsense-security-researchExploitThird Party Advisory
https://github.com/skraft9/pfsense-security-researchExploitThird Party Advisory

FAQ

What is CVE-2025-53392?

CVE-2025-53392 is a vulnerability with a CVSS score of 5.0 (MEDIUM). In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this...

How severe is CVE-2025-53392?

CVE-2025-53392 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-53392?

Check the references section above for vendor advisories and patch information. Affected products include: Pfsense Pfsense.