CVE-2025-13698

Name of the Vulnerable Software and Affected Versions Deciso OPNsense (affected versions not specified)

Description A flaw exists in Deciso OPNsense related to the handling of backup configuration files, specifically within the diag backup.php script. This allows network-adjacent attackers with authentication to create arbitrary files on affected systems. The issue stems from insufficient validation of user-supplied paths before they are used in file operations, enabling an attacker to create files with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.