6.5
CVE-2025-12801
- EPSS 0.46%
- Veröffentlicht 04.03.2026 15:25:53
- Zuletzt bearbeitet 30.06.2026 00:16:51
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.364 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-279 Incorrect Execution-Assigned Permissions
While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://access.redhat.com/security/cve/CVE-2025-12801
https://bugzilla.redhat.com/show_bug.cgi?id=2413081
https://access.redhat.com/errata/RHSA-2026:3938
https://access.redhat.com/errata/RHSA-2026:3940
https://access.redhat.com/errata/RHSA-2026:3941
https://access.redhat.com/errata/RHSA-2026:3939
https://access.redhat.com/errata/RHSA-2026:3942
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/errata/RHSA-2026:5127
https://access.redhat.com/errata/RHSA-2026:5867
https://access.redhat.com/errata/RHSA-2026:5877
https://access.redhat.com/errata/RHSA-2026:5873