CVE-2025-14558
Published: 09 March 2026
Summary
CVE-2025-14558 is a high-severity Improper Input Validation (CWE-20) vulnerability in Freebsd Freebsd. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of untrusted inputs like DNSSL options in router advertisements before passing unmodified to vulnerable components such as resolvconf(8).
Enforces restrictions on information inputs at network boundaries to block invalid or malicious DNSSL options from being processed by rtsol(8) and rtsold(8).
Mandates identification, reporting, and correction of the command injection flaw via patches provided in FreeBSD-SA-25:12.rtsold.asc.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in network-facing rtsold/rtsol daemon enables remote exploitation for Unix shell command execution.
NVD Description
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of…
more
quoting meant that shell commands pass as input to resolvconf(8) may be executed.
Deeper analysisAI
CVE-2025-14558 is a command injection vulnerability affecting the rtsol(8) and rtsold(8) programs in FreeBSD. These utilities process router advertisement messages without validating the domain search list (DNSSL) options, passing the option body unmodified to resolvconf(8), a shell script that lacks input validation and proper quoting around user-supplied data. As a result, shell commands embedded in the input can be executed. The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-20 (Improper Input Validation). It was published on 2026-03-09.
Exploitation requires an attacker with high privileges (PR:H) to send crafted router advertisement messages over the network (AV:N) with low complexity and no user interaction. Successful attacks trigger command execution via resolvconf(8), potentially granting high-impact access to confidentiality, integrity, and availability on the affected system.
The FreeBSD Security Advisory FreeBSD-SA-25:12.rtsold.asc provides details on the issue, including patches and mitigation guidance. A Metasploit module (MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT) is available, indicating public exploit code exists.
Details
- CWE(s)