vulnerability
FreeBSD: VID-6c9318c7-dae9-11f0-80b8-bc241121aa0a (CVE-2025-14558): FreeBSD -- Remote code execution via ND6 Router Advertisements
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 17, 2025 | Jan 27, 2026 | Jan 27, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 17, 2025
Added
Jan 27, 2026
Modified
Jan 27, 2026
Description
Problem Description: The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed. Impact: Systems running rtsol(8) or rtsold(8) are vulnerable to remote code execution from systems on the same network segment. In particular, router advertisement messages are not routable and should be dropped by routers, so the attack does not cross network boundaries.
Solutions
freebsd-upgrade-base-15_0-release-p1freebsd-upgrade-base-14_3-release-p7freebsd-upgrade-base-13_5-release-p8
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.