CVE-2025-13698 | Deciso OPNsense diag_backup.php path traversal (ZDI-25-1022)

Inserito da Angelo Barbosa | Nov 26, 2025 | CVE

A vulnerability identified as critical has been detected in Deciso OPNsense. Affected by this issue is some unknown functionality of the file diag_backup.php. The manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-13698. The attack is possible to be carried out remotely. No exploit exists.

You should upgrade the affected component.

CVE-2025-13698 | Deciso OPNsense diag_backup.php path traversal (ZDI-25-1022)

Post correlati

CVE-2024-51513 | Huawei HarmonyOS 5.0.0 VPN Module denial of service

CVE-2024-0105 | NVIDIA BlueField LTS23 insufficient privileges

CVE-2024-57423 | CloudClassroom-PHP Project 1.0 assessment exid cross site scripting

CVE-2025-20166 | Cisco Common Services Platform Collector Software 2.11/2.11.0.1/2.11.0.2/2.11.0.3/30.1.1-0 Interface cross site scripting (cisco-sa-cspc-xss-CDOJZyH)