CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:3938	Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:3939	Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:3940	Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:3941	Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:3942	Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:5127
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/errata/RHSA-2026:5867
https://access.redhat.com/errata/RHSA-2026:5873
https://access.redhat.com/errata/RHSA-2026:5877
https://access.redhat.com/security/cve/CVE-2025-12801	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2413081	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:linux-nfs:nfs-utils:-:*:*:*:*:*:*:*

History

02 Apr 2026, 15:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5873 -

01 Apr 2026, 11:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5877 -

01 Apr 2026, 10:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5867 -

25 Mar 2026, 05:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5127 -

24 Mar 2026, 11:16

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue descubierta recientemente en el demonio rpc.mountd del paquete nfs-utils para Linux, que permite a un cliente NFSv3 escalar los privilegios asignados a él en el archivo /etc/exports en el momento del montaje. En particular, permite al cliente acceder a cualquier subdirectorio o subárbol de un directorio exportado, independientemente de los permisos de archivo establecidos, e independientemente de cualquier atributo 'root_squash' o 'all_squash' que normalmente se esperaría que se aplicaran a ese cliente.
References		() https://access.redhat.com/errata/RHSA-2026:5606 -

09 Mar 2026, 17:40

Type	Values Removed	Values Added
CPE		cpe:2.3:a:linux-nfs:nfs-utils:-:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
CWE		CWE-732
First Time		Redhat enterprise Linux Redhat Linux-nfs nfs-utils Linux-nfs Redhat openshift Container Platform
References	~~() https://access.redhat.com/errata/RHSA-2026:3938 -~~	() https://access.redhat.com/errata/RHSA-2026:3938 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2026:3939 -~~	() https://access.redhat.com/errata/RHSA-2026:3939 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2026:3940 -~~	() https://access.redhat.com/errata/RHSA-2026:3940 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2026:3941 -~~	() https://access.redhat.com/errata/RHSA-2026:3941 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2026:3942 -~~	() https://access.redhat.com/errata/RHSA-2026:3942 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2025-12801 -~~	() https://access.redhat.com/security/cve/CVE-2025-12801 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2413081 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2413081 - Issue Tracking, Third Party Advisory

06 Mar 2026, 15:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3939 - () https://access.redhat.com/errata/RHSA-2026:3942 -

06 Mar 2026, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3941 -

06 Mar 2026, 04:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3940 -

05 Mar 2026, 20:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3938 -

04 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-04 16:16

Updated : 2026-04-02 15:16

NVD link : CVE-2025-12801

Mitre link : CVE-2025-12801

CVE.ORG link : CVE-2025-12801

JSON object : View

Products Affected

redhat

enterprise_linux
openshift_container_platform

linux-nfs

nfs-utils

CWE

CWE-279

Incorrect Execution-Assigned Permissions

CWE-732

Incorrect Permission Assignment for Critical Resource

6.5 /10