CVE-2025-14558

FreeBSD rtsold DNSSL Command Injection (RCE)

Description

rtsold(8) does not validate DNSSL domain names for shell metacharacters before passing them to resolvconf(8). Command substitution via $() enables remote code execution from an adjacent network.

Affected: FreeBSD 13.x, 14.x, 15.x before 2025-12-16

Usage

sudo python3 exploit.py -i eth0                      # touch /tmp/pwned
sudo python3 exploit.py -i eth0 -p 'id > /tmp/out'   # custom command

Requirements

Layer 2 adjacency to target
Target: rtsold with ACCEPT_RTADV enabled
Attacker: root, Python 3, Scapy

References

Credits: Kevin Day

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2025-14558

Description

Usage

Requirements

References

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 1

Languages

Folders and files

Latest commit

History

Repository files navigation

CVE-2025-14558

Description

Usage

Requirements

References

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 1

Languages

Packages