CVE-2025-9615

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-9615
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2026:18142
https://access.redhat.com/errata/RHSA-2026:18597
https://access.redhat.com/security/cve/CVE-2025-9615
https://bugzilla.redhat.com/show_bug.cgi?id=2391503
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2327
Configurations

No configuration.

History

19 May 2026, 15:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:18597 -

19 May 2026, 10:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:18142 -

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en NetworkManager. El paquete NetworkManager permite el acceso a archivos que pueden pertenecer a otros usuarios. NetworkManager permite a usuarios no-root configurar la red del sistema. El demonio se ejecuta con privilegios de root y puede acceder a archivos propiedad de usuarios diferentes de aquel que añadió la conexión.

26 Jan 2026, 20:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-26 20:16

Updated : 2026-05-19 15:16

NVD link : CVE-2025-9615

Mitre link : CVE-2025-9615

CVE.ORG link : CVE-2025-9615

JSON object : View

Products Affected

No product.

CWE
CWE-281

Improper Preservation of Permissions