CP
cyberpings
VulnerabilitiesHIGH

Critical RCE Flaw Found in pfSense: Immediate Action Required

FDFull DisclosureFeb 16, 2026
CVE-2025-69690CVE-2025-69691pfSense
🎯

Basically, two serious security flaws let hackers run code on pfSense routers.

Quick Summary

Two serious flaws in pfSense could let hackers run code remotely. Users of pfSense CE 2.7.2 and 2.8.0 are at risk. It's crucial to secure your network now, as no patches are available.

What Happened

A significant security issue has been uncovered in pfSense?, a popular open-source firewall and router software. Researchers have identified two vulnerabilities?, CVE-2025-69690 and CVE-2025-69691, that allow authenticated? remote code execution (RCE)?. This means that if an attacker gains access to a pfSense? device, they can execute malicious code remotely, potentially compromising the entire network.

The vulnerabilities? were disclosed by researcher Nelson Adhepeau, who reported them to the vendor on December 2, 2025. Unfortunately, the vendor acknowledged the issues but stated that no patches? would be issued. As a result, the advisory was published after a standard 90-day waiting period, leaving users vulnerable to potential attacks.

Why Should You Care

If you use pfSense? for your home or business network, this is a wake-up call. An attacker could exploit these vulnerabilities? to take control of your network, leading to data breaches, loss of sensitive information, or even ransomware attacks. Imagine leaving your front door unlocked; you wouldn't feel safe, right? This is the cybersecurity equivalent.

Your router is the gateway to your digital life. If it’s compromised, everything connected to it—your devices, bank accounts, and personal information—could be at risk. This is not just a technical issue; it directly impacts your privacy and security. Act now to protect yourself!

What's Being Done

Currently, there is no fix available from pfSense? for these vulnerabilities?. Users are advised to take immediate action to secure their networks. Here are some steps you can take:

  • Limit access: Restrict access to your pfSense? device to only trusted users.
  • Monitor logs: Keep an eye on your network logs for any unusual activity.
  • Consider alternatives: If possible, evaluate other firewall solutions that provide timely security updates.

Experts are closely monitoring the situation for any signs of exploitation in the wild. With the absence of patches?, the risk remains high, and vigilance is essential.

💡 Tap dotted terms for explanations

🔒 Pro insight: The lack of vendor response to these critical RCE vulnerabilities may lead to widespread exploitation and increased threat actor interest.

Original article from

Full Disclosure

Read Full Article

Share

Related Pings

HIGHVulnerabilities

HttpOnly Cookies at Risk from New 'Cookie Sandwich' Technique

A new technique called 'cookie sandwich' can steal secure cookies from websites. This affects users relying on HttpOnly flags for protection. Stay informed and ensure your online security measures are up to date.

PortSwigger Research·Jan 22, 2025
HIGHVulnerabilities

Exploitation Alert: Gladinet Vulnerability Targets Cryptography

A vulnerability in Gladinet's CentreStack and Triofox software is being actively exploited. Users are at risk of data breaches due to hardcoded cryptographic keys. Gladinet is working on a fix, but immediate action is needed to secure your systems.

Huntress Blog·Dec 18, 2025
HIGHVulnerabilities

XSS Vulnerability Found in RPi-Jukebox-RFID 2.8.0

A serious XSS vulnerability has been found in RPi-Jukebox-RFID 2.8.0. Users are at risk of attackers injecting harmful scripts. Update your software immediately to protect your device and data.

Exploit-DB·Feb 2, 2026
HIGHVulnerabilities

Hacked Construction Apps Threaten Jobsite Security

Hacked construction apps are exposing job sites to security risks. This affects contractors and workers alike, leading to potential project delays and safety issues. Stay updated on software patches and security measures to protect your projects.

Huntress Blog·Jan 21, 2026
HIGHVulnerabilities

URL Validation Bypass Cheat Sheet Gets Powerful New Payloads

A new update to the URL Validation Bypass Cheat Sheet introduces powerful payloads for web security experts. This matters because weak URL validations can lead to serious security breaches. Stay informed and protect your online activities!

PortSwigger Research·Oct 29, 2024
HIGHVulnerabilities

Windows 10 Faces Spoofing Vulnerability Risk

A spoofing vulnerability has been found in Windows 10 version 10.0.17763.7009. This flaw could allow attackers to impersonate legitimate users, risking your sensitive information. Microsoft is working on a patch, so stay alert and update your system when available.

Exploit-DB·Feb 11, 2026