FKIE_CVE-2025-14558

Vulnerability from fkie_nvd - Published: 2026-03-09 12:16 - Updated: 2026-03-17 15:55
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
References
secteam@freebsd.orghttps://security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.ascVendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://sploitus.com/exploit?id=MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT-Exploit, Third Party Advisory
Impacted products
Vendor Product Version
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "947F561E-AD65-43B9-94C1-3109A3D35248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3D1987F1-1E08-4B28-8D16-D25A091D99ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "BEC1E8A0-0402-45F1-938D-FEFDCFC3E747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "D94457D6-738F-4ABB-BD46-F2B621531FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "8C38CB56-B80C-4D1B-9267-16E8F985B170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "13DF1E38-5E8D-42FF-A4C5-092300864F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "83A86F81-0965-4600-835A-496756137998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "987E31A4-7E21-471E-A3EA-4E53FFDB3DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D3D22B8C-36CF-4800-9673-0B0240558BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "242FA2A8-5D7D-4617-A411-2651FF3A3E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "40573F60-F3B7-4AEC-846A-B08E5B7D9D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "1FB832CE-0A98-44A2-8BAC-CD38A64279B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9A785F8E-C218-41AE-8D57-BF06DDAEF7CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "C3909FDD-B2A2-45B6-A40B-1D303A717F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.\n\nresolvconf(8) is a shell script which does not validate its input.  A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed."
    },
    {
      "lang": "es",
      "value": "Los programas rtsol(8) y rtsold(8) no validan las opciones de lista de b\u00fasqueda de dominio proporcionadas en los mensajes de anuncio de router; el cuerpo de la opci\u00f3n se pasa a resolvconf(8) sin modificar.\n\nresolvconf(8) es un script de shell que no valida su entrada. Una falta de comillas significaba que los comandos de shell pasados como entrada a resolvconf(8) pueden ser ejecutados."
    }
  ],
  "id": "CVE-2025-14558",
  "lastModified": "2026-03-17T15:55:24.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-09T12:16:11.140",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.asc"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sploitus.com/exploit?id=MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT-"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secteam@freebsd.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.