๐Ÿ” CVE Alert

CVE-2025-12801

MEDIUM 6.5

Nfs-utils: rpc.mountd in the nfs-utils privilege escalation

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
2th

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

CWE CWE-279
Vendor red hat
Product red hat enterprise linux 10
Published Mar 4, 2026
Last Updated Apr 2, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat enterprise linux 10

Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 10 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.18
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.19
All versions affected
Red Hat / Red Hat Ceph Storage 8
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3938 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3939 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3940 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3941 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3942 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5127 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5606 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5867 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5873 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5877 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-12801 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2413081

Credits

Red Hat would like to thank Simon Hall for reporting this issue.