What is the CVSS score of CVE-2025-14558?

CVE-2025-14558 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 40.0%.

Which versions of Freebsd are affected by CVE-2025-14558?

CVE-2025-14558 affects router advertisement message processing in FreeBSD/Unix systems, allowing attackers to inject malicious domain search configurations through network traffic.

Is there a public PoC exploit available for CVE-2025-14558?

Yes, a public proof-of-concept exploit is available for CVE-2025-14558. Prioritise patching immediately. EPSS: 40.0%.

How to fix or mitigate CVE-2025-14558?

Within 24 hours: Identify and inventory all systems running rtsol(8)/rtsold(8) and assess exposure to untrusted networks. Within 7 days: Implement network segmentation to restrict router advertisement reception, disable IPv6 router solicitation where feasible, or configure static DNS settings to bypass dynamic updates. Within 30 days: Monitor vendor security advisories for patch availability and establish testing procedures for rapid deployment once patches are released.

Freebsd CVE-2025-14558

HIGH

Improper Input Validation (CWE-20)

2026-03-09 secteam@freebsd.org

Information Disclosure Freebsd

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 17, 2026 - 15:55 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:56 vuln.today

CVE Published

Mar 09, 2026 - 12:16 nvd

HIGH 7.2

DescriptionNVD

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

AnalysisAI

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. [CVSS 7.2 HIGH]

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-14558 vulnerability details – vuln.today

Back

Freebsd CVE-2025-14558

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code