CVE-2025-13698
Directory Traversal in OPNsense diag_backup.php Enables Root File Creation
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deciso | opnsense | 3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Deciso OPNsense's diag_backup.php allows an authenticated network-adjacent attacker to perform directory traversal and create arbitrary files on the system. It occurs because the application does not properly validate user-supplied file paths before using them in file operations, enabling the attacker to create files with root privileges.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can create arbitrary files on the affected system with root privileges. This could lead to unauthorized modification or insertion of malicious files, potentially compromising system integrity and security.