PT-2025-51802 · Freebsd+2

Kevin Day · Published 2025-12-16 · Updated 2026-03-11 · CVE-2025-14558

CVSS v2.0: 8.3 (High), AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FreeBSD (affected versions not specified)

Description: A remote code execution issue exists in the IPv6 autoconfiguration handler in FreeBSD. The issue is present in the rtsold background process and the rtsol utility. An attacker can achieve remote code execution with root privileges by sending a specially crafted IPv6 router advertisement packet. Router Advertisement (RA) messages used to exploit this issue are not routed and should be dropped by routers. To successfully exploit this, an attacker must be able to send a crafted packet from a system within the same network segment as the vulnerable host.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00013
CVE-2025-14558
FREEBSD-SA-25_12

Affected Products

Freebsd
Resolvconf
Rtsold