CVE-2025-2312

EPSS 0.02%
Veröffentlicht 25.03.2025 18:15:34
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 74b3a70d-cca6-4d34-9789-e83b22
CVE-Watchlists
Login
Unerledigt
Login

cifs.upcall makes an upcall to the wrong namespace in containerized environments

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellercifs-utils

≫

Produkt cifs-utils

Default Statusunaffected

Version 0

Version < 7.2

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
74b3a70d-cca6-4d34-9789-e83b222ae3be	5.9	1.4	4	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-488 Exposure of Data Element to Wrong Session

The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.

https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174

https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

https://nvd.nist.gov/vuln/detail/CVE-2025-2312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2312

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-2312