What is CVE-2025-12490?

CVE-2025-12490 is a high-severity vulnerability in Netgate Pfsense, classified under Path Traversal. CVSS score: 8.8/10. Published 2025-11-06.

How severe is CVE-2025-12490?

High severity. CVSS v3 base score is 8.8 out of 10.

Path Traversal in Netgate Pfsense

CVE-2025-12490

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this v…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.183 (96.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Netgate Pfsense — versions pfSense 2.8.1, Suricata package 7.0.8_3

Weakness classification (CWE)

CWE-22 — Path Traversal

References

ZDI-25-979 (x_research-advisory)
vendor-provided URL (vendor-advisory)

Frequently asked questions

What is CVE-2025-12490?: CVE-2025-12490 is a high-severity vulnerability in Netgate Pfsense, classified under Path Traversal. CVSS score: 8.8/10. Published 2025-11-06.
How severe is CVE-2025-12490?: High severity. CVSS v3 base score is 8.8 out of 10.