Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense 2.8.1 vulnerable to CVE-2025-6965?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 398 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U Offline
      UniqueUser
      last edited by

      Hola,

      I am running PFsense and home and can see my PFsense firewall is running sqlite3-3.46.1, which is vulnerable to CVE-2025-6965 according to Nessus. Is that of concern, what do you recommend I do to fix it or why does it not affect PFsense?

      Sorry for the noob question.

      E S 2 Replies Last reply Reply Quote 0
      • E Offline
        elvisimprsntr @UniqueUser
        last edited by elvisimprsntr

        @UniqueUser

        Run these commands to list what additional packages are using sqlite3.

        
pkg info | grep -i sqlite
php83-pdo_sqlite-8.3.19        The pdo_sqlite shared extension for php
php83-sqlite3-8.3.19           The sqlite3 shared extension for php
sqlite3-3.46.1,1               SQL database engine in a C library

pkg info -r sqlite3
sqlite3-3.46.1,1:
	php83-sqlite3-8.3.19
	php83-pdo_sqlite-8.3.19

        The only thing I saw on the roadmap was "Upgrade PHP to 8.4", but not sure if that addresses CVE-2025-6965

        https://redmine.pfsense.org/projects/pfsense/roadmap
        https://redmine.pfsense.org/issues/16471

        Looks like we may have to wait for an official patch/update from Netgate.

        1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Rebel Alliance @UniqueUser
          last edited by

          @UniqueUser From a cursory look it sounds like it's a problem with a malicious query. Generally one would need to be on the pfSense router to connect to it? So unless pfSense has bad queries it seems like not an issue. Not that I'm an sqlite expert.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • dennypageD Offline
            dennypage
            last edited by

            The version of sqlite in 25.11 is 3.50.2.

            That said, I would not view it as an exploitable issue for pfSense as it requires the ability to execute arbitrary queries in sqlite3. That generally requires modifying the code on the system.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.