CVE-2010-20059

UNKNOWN 0.0

FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

CWE	CWE-78
Vendor	ixsystems
Product	freenas
Published	Aug 20, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for ixsystems freenas

Be the first to know when new unknown vulnerabilities affecting ixsystems freenas are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

iXsystems / FreeNAS

* < 0.7.2 rev 5543

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/16313 raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/freenas_exec_raw.rb sourceforge.net: https://sourceforge.net/projects/freenas/ github.com: https://github.com/freenas truenas.com: https://www.truenas.com/freenas/ tenable.com: https://www.tenable.com/plugins/nnm/5714 web.archive.org: https://web.archive.org/web/20101218143110/http://sourceforge.net/projects/freenas/files//stable/0.7.2/NOTES%200.7.2.5543.txt/view vulncheck.com: https://www.vulncheck.com/advisories/freenas-arbitrary-command-execution

CVE-2010-20059

FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

Get instant alerts for ixsystems freenas

Affected Versions

References

Credits