CVE-2025-53392 – pfSense File Traversal Vulnerability

June 28, 2025

CVE ID : CVE-2025-53392

Published : June 28, 2025, 11:15 p.m. | 2 hours, 11 minutes ago

Description : In Netgate pfSense CE 2.8.0, the “WebCfg – Diagnostics: Command” privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier’s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53393 – Akka Cluster Metrics Java Serialization Deserialization Vulnerability

Next Article CVE-2025-6839 – Conjure Position Department Service Quality Evaluation System Less Bootstrap Mixin Head PHP Backdoor Remote Code Execution

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-53392 – pfSense File Traversal Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-6841 – Code-projects Product Inventory System SQL Injection Vulnerability

GPT-4.1 is here, but not for everyone. Here’s who can try the new models

Designers: We’ll all be design engineers in a year

CVE-2025-49013 – WilderForge GitHub Actions Shell Code Injection Vulnerability

How to Fix Missile Command Delta Not Launching

Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs

China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

CVE-2025-46584 – Apache File System Authentication Bypass

CVE-2025-53392 – pfSense File Traversal Vulnerability

Related Posts