2 matches found
CVE-2025-50989
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfacesbridgeedit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...
CVE-2025-50989
OPNsense before 25.1.8 suffers an authenticated command injection in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The POST parameter span is concatenated into a system-level command without sanitization, allowing an administrator to inject arbitrary shell commands and payloads...