CVE-2025-12801
Nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the
privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Red Hat · Red Hat Ceph Storage 8Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4.16Red Hat · Red Hat OpenShift Container Platform 4.17Red Hat · Red Hat OpenShift Container Platform 4.18Red Hat · Red Hat OpenShift Container Platform 4.19¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2026:3938https://access.redhat.com/errata/RHSA-2026:3939https://access.redhat.com/errata/RHSA-2026:3940https://access.redhat.com/errata/RHSA-2026:3941https://access.redhat.com/errata/RHSA-2026:3942https://access.redhat.com/errata/RHSA-2026:5127https://access.redhat.com/errata/RHSA-2026:5606https://access.redhat.com/errata/RHSA-2026:5867https://access.redhat.com/errata/RHSA-2026:5873https://access.redhat.com/errata/RHSA-2026:5877https://access.redhat.com/security/cve/CVE-2025-12801https://bugzilla.redhat.com/show_bug.cgi?id=2413081