关键漏洞信息 CVE ID: CVE-2025-13698 CVSS Score: 4.5 (AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) Affected Vendors: Deciso Affected Products: OPNsense Vulnerability Details: Description: This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. Flaw: The specific flaw exists within the handling of backup configuration files due to lack of proper validation of a user-supplied path. Disclosures Timeline: 2025-10-29: Vulnerability reported to vendor 2025-11-25: Coordinated public release of advisory 2025-11-25: Advisory Updated Credit: Alex Williams from Peliera Technologies Additional Details: Deciso has issued an update. More details can be found at: GitHub Commit