CVE-2025-12801

EUVD-2025-208274

04.03.2026, 16:16

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the
privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0
linux-nfs	nfs-utils	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://access.redhat.com/errata/RHSA-2026:3938

https://access.redhat.com/errata/RHSA-2026:3939

https://access.redhat.com/errata/RHSA-2026:3940

https://access.redhat.com/errata/RHSA-2026:3941

https://access.redhat.com/errata/RHSA-2026:3942

https://access.redhat.com/errata/RHSA-2026:5127

https://access.redhat.com/errata/RHSA-2026:5606

https://access.redhat.com/errata/RHSA-2026:5867

https://access.redhat.com/errata/RHSA-2026:5873

https://access.redhat.com/errata/RHSA-2026:5877

https://access.redhat.com/security/cve/CVE-2025-12801

https://bugzilla.redhat.com/show_bug.cgi?id=2413081