The FreeBSD project has released security advisory FreeBSD-SA-25:12, disclosing a critical remote code execution vulnerability (CVE-2025-14558) in the rtsold and rtsol programs. These programs handle router advertisement packets for IPv6 Stateless Address Autoconfiguration (SLAAC).

The vulnerability stems from the programs' failure to validate the domain search list option in router advertisement messages. The option content is passed directly to the resolvconf(8) script, which performs no input validation of its own, so a malicious value can result in command injection. By sending specially crafted router advertisement messages, attackers can execute arbitrary code on FreeBSD systems running the affected programs. The attack scope is limited to the same network segment because router advertisements are not routable.

This vulnerability affects all supported FreeBSD versions and was patched through an update on December 16, 2025. The advisory emphasizes that this vulnerability highlights the importance of network security protection, and users should apply security patches immediately. No temporary workaround is currently available.
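The C example below shows the kind of check the summary above describes as missing: it decodes a domain search list (DNSSL, option type 31 in RFC 8106) and rejects the whole option if any label contains a byte outside letters, digits and hyphen, so nothing else can reach a shell script. It is an added example, not the FreeBSD patch or code from the advisory; the function name `dnssl_decode`, the allowed alphabet and the sample options are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ND_OPT_DNSSL 31 /* RFC 8106 DNS Search List option type */
#define DNSSL_HDR 8     /* type, length, reserved(2), lifetime(4) */
/* Constructed samples: "example.com", and a name with ';' in a label. */
static const uint8_t sample_ok[24] = { 31, 3, 0, 0, 0, 0, 7, 8,
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0 };
static const uint8_t sample_bad[24] = { 31, 3, 0, 0, 0, 0, 7, 8,
    3, 'x',';','y', 3, 'c','o','m', 0 };

static int label_byte_ok(uint8_t c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Decode all names in one DNSSL option into out, space-separated. Returns
 * the name count, or -1 with out emptied if the option is malformed or a
 * label byte is outside [A-Za-z0-9-]. */
int dnssl_decode(const uint8_t *opt, size_t len, char *out, size_t outsz)
{
    size_t i = DNSSL_HDR, o = 0;
    int names = 0;
    if (outsz == 0 || len < DNSSL_HDR || opt[0] != ND_OPT_DNSSL ||
        (size_t)opt[1] * 8 != len)
        goto bad;
    while (i < len && opt[i] != 0) {       /* a zero byte here is padding */
        for (int first = 1; opt[i] != 0; first = 0) {
            size_t l = opt[i++];           /* >63 would be a compression pointer */
            if (l > 63 || i + l >= len || o + l + 2 > outsz)
                goto bad;
            if (names > 0 || !first)
                out[o++] = (names > 0 && first) ? ' ' : '.';
            for (size_t k = 0; k < l; k++, i++) {
                if (!label_byte_ok(opt[i]))
                    goto bad;
                out[o++] = (char)opt[i];
            }
        }
        i++;                               /* step over the root label */
        names++;
    }
    out[o] = '\0';
    return names;
bad:
    if (outsz > 0)
        out[0] = '\0';
    return -1;
}
```

Rejecting the entire option on the first bad byte, rather than stripping or escaping it, keeps the consumer of the decoded list from ever seeing partially attacker-controlled text.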
Original link: Hacker News