216.73.216.128

CVE-2025-12801

· Published 04/03/2026 16:16 · Modified 05/03/2026 20:16

Labels: CVE-2025-12801 2026-03-04CVE-2025-12801CWE-279[email protected]

Essential information

Published
04/03/2026 16:16
Modified
05/03/2026 20:16
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
red hat / nfs-utils cpe:2.3:a:red_hat:nfs-utils:*:*:*:*:*:*:*:*

References