CVE-2025-14558

EUVD-2025-208404
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input.  A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
13.5
freebsdfreebsd
13.5:p1
freebsdfreebsd
13.5:p2
freebsdfreebsd
13.5:p3
freebsdfreebsd
13.5:p4
freebsdfreebsd
13.5:p5
freebsdfreebsd
13.5:p6
freebsdfreebsd
13.5:p7
freebsdfreebsd
14.3
freebsdfreebsd
14.3:p1
freebsdfreebsd
14.3:p2
freebsdfreebsd
14.3:p3
freebsdfreebsd
14.3:p4
freebsdfreebsd
14.3:p5
freebsdfreebsd
14.3:p6
freebsdfreebsd
15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.asc
https://sploitus.com/exploit?id=MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT-