Security

Re: OPNsense 25.10.2 business edition released

Posted on by Scott Magee

OPNsense has released hotfix **25.10.2_3**, delivering targeted improvements to enhance stability and security across the platform.

This update includes:

– A fix for captive portal hard-timeout calculation
– Prevention of unnecessary background cleanups in firmware update hooks
– A security enhancement addressing a CSRF vulnerability in multiple API endpoints by enforcing POST-only requests (contributed by Oliver)

These timely updates reflect the OPNsense team’s continued commitment to reliability, performance, and proactive security.

Read the full update here:
https://forum.opnsense.org/index.php?topic=50819.msg262485#msg262485

Scott Magee

Managing Director of Cirrus IT Services (UK) Limited