How to fix CVE-2025-14558?

Within 24 hours: Identify and inventory all systems running rtsol(8)/rtsold(8) and assess exposure to untrusted networks. Within 7 days: Implement network segmentation to restrict router advertisement reception, disable IPv6 router solicitation where feasible, or configure static DNS settings to bypass dynamic updates. Within 30 days: Monitor vendor security advisories for patch availability and establish testing procedures for rapid deployment once patches are released.

Is Freebsd affected by CVE-2025-14558?

CVE-2025-14558 affects router advertisement message processing in FreeBSD/Unix systems, allowing attackers to inject malicious domain search configurations through network traffic.

CVE-2025-14558

HIGH

2026-03-09 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 17, 2026 - 15:55 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:56 vuln.today

CVE Published

Mar 09, 2026 - 12:16 nvd

HIGH 7.2

Description

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

Analysis

Technical Context

Classified as CWE-20 (Improper Input Validation). The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

Affected Products

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passe

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +40.0

CVSS: +36

POC: +20

CVE-2025-14558 vulnerability details – vuln.today

Back

CVE-2025-14558

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-14558

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code