CVE-2025-15547

Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)

Description A flaw exists in FreeBSD where, by default, jailed processes are restricted from mounting filesystems, including nullfs(4). However, enabling the 'allow.mount.nullfs' option permits mounting nullfs filesystems, subject to privilege checks. A privileged user within a jail, capable of nullfs-mounting directories, can exploit a kernel path lookup logic issue to escape the jail's chroot, gaining access to the host or parent jail's filesystem. Specifically, a jailed root user in a jail configured to allow nullfs(4) mounts can escape the jail's filesystem root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.