CVE-2025-69691
PfSense Community Edition 2.8.0 is affected by CVE-2025-69691, an authenticated remote code execution via the XMLRPC API endpoint pfsense.exec_php. The vulnerability allows executing arbitrary PHP code as root after authenticating with Basic Auth (the PoC notes usage of admin:pfsense, and the XML...