CVE Alert

CVE-2025-14558

HIGH 7.2

Remote code execution via ND6 Router Advertisements

CVSS Score: 7.2
EPSS Score: 0.0%
EPSS Percentile: 0th

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands passed as input to resolvconf(8) may be executed.
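The missing validation step can be sketched as follows. This is an added example, not the FreeBSD patch or any project code. It assumes the RFC 8106 DNSSL body layout (RFC 1035 length-prefixed labels, zero padded) and a strict letters-digits-hyphen policy; the function names and sample bodies are constructed for illustration.

```c
#include <stddef.h>
/* Constructed DNSSL bodies (RFC 1035 label encoding, zero padded). */
const unsigned char sample_good[24] = {7,'e','x','a','m','p','l','e',3,'c','o','m',0,3,'l','a','n',0};
const unsigned char sample_bad[16]  = {3,'a','$','b',3,'c','o','m',0};

static int ldh(unsigned char c)          /* letters, digits, hyphen only */
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Decode one name at *off. Returns 1 and a dotted name in out, 0 at the
 * padding or end of the body, -1 if the name is malformed or not LDH. */
int dnssl_next_name(const unsigned char *buf, size_t len, size_t *off,
                    char *out, size_t outsz)
{
    size_t p = *off, n = 0, l, i;
    if (p >= len || buf[p] == 0)
        return 0;
    for (;;) {
        if (p >= len)
            return -1;                   /* no terminating root label */
        if ((l = buf[p++]) == 0)
            break;
        if (l > 63 || l > len - p || n + l + 2 > outsz)
            return -1;                   /* also rejects compression pointers */
        if (n > 0)
            out[n++] = '.';
        for (i = 0; i < l; i++) {
            if (!ldh(buf[p + i]))
                return -1;               /* shell metacharacters never reach out */
            out[n++] = (char)buf[p + i];
        }
        p += l;
    }
    out[n] = '\0';
    *off = p;
    return 1;
}

/* Number of names accepted, or -1 if any name in the body is rejected. */
int dnssl_count_valid(const unsigned char *buf, size_t len)
{
    char name[256];
    size_t off = 0;
    int r, count = 0;
    while ((r = dnssl_next_name(buf, len, &off, name, sizeof(name))) == 1)
        count++;
    return r < 0 ? -1 : count;
}
```

A caller would discard the whole option when the count is -1 and hand only the decoded names to the resolver configuration step.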

CWE: CWE-20
Vendor: freebsd
Product: freebsd
Published: Mar 9, 2026
Last Updated: Mar 10, 2026

Affected Versions

FreeBSD / FreeBSD
15.0-RELEASE < p1
14.3-RELEASE < p7
13.5-RELEASE < p8

References

security.freebsd.org: https://security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.asc
sploitus.com: https://sploitus.com/exploit?id=MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT-

Credits

Kevin Day