CVE-2025-12801
EUVD-2025-20827404.03.2026, 16:16
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| linux-nfs | nfs-utils | - |
𝑥
= Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libnfsidmap0 |
| ||||||||
| libnfsidmap1 |
| ||||||||
| nfs-client |
| ||||||||
| nfs-doc |
| ||||||||
| nfs-kernel-server |
| ||||||||
| nfsidmap-devel |
| ||||||||
| nfsidmap0-devel |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| libnfsidmap |
| ||||
| libnfsidmap-devel |
| ||||
| nfs-utils |
| ||||
| nfs-utils-coreos |
| ||||
| nfsv4-client-utils |
|
Common Weakness Enumeration
- CWE-279 - Incorrect Execution-Assigned PermissionsWhile it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References