PT-2025-8789 · Linux+6 · Linux Kernel+6

Syzbot

Published

2025-01-27

Updated

2026-04-20

CVE-2025-21706

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel related to the mptcp module, specifically in the mptcp pm nl fullmesh function. The issue allows the fullmesh flag to be set on 'implicit' endpoints, which is not allowed. This was discovered by syzbot, triggering a warning. The vulnerability is related to the in-kernel path-manager and the set flags hook.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2025-11950

CVE-2025-21706

DLA-4102-1

OPENSUSE-SU-2025_1177-1

OPENSUSE-SU-2025_1178-1

OPENSUSE-SU-2025_1180-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01967-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

SUSE-SU-2025:20190-1

SUSE-SU-2025:20192-1

SUSE-SU-2025:20260-1

SUSE-SU-2025:20270-1

SUSE-SU-2025_01951-1

SUSE-SU-2025_01967-1

SUSE-SU-2025_1177-1

SUSE-SU-2025_1178-1

SUSE-SU-2025_1180-1

USN-7521-1

USN-7521-2

USN-7521-3

USN-7703-1

USN-7703-2

USN-7703-3

USN-7703-4

USN-7719-1

USN-7737-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2025-8789 · Linux+6 · Linux Kernel+6

CVE-2025-21706

Weakness Enumeration

Related Identifiers

Affected Products

References · 1550