Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Router Advertisements Can Execute Shell Commands on Linux Systems
Exploitation likelihood: 40%
CVE-2025-14558
Summary
If your Linux system receives a malicious router advertisement, it may execute unintended shell commands. This can happen because the system doesn't check the contents of the advertisement before passing it to the resolvconf script. To protect your system, ensure you're running the latest version of the affected software and consider implementing additional security controls to filter or validate incoming router advertisements.
Original title
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.
resolvconf(8) i...
Original description
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
Vulnerability type
CWE-20
Improper Input Validation
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026