PT-2026-22929 · Nfs Utils · Nfs-Utils

Published: 2026-03-04 · Updated: 2026-04-15 · CVE-2025-12801

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

nfs-utils (affected versions not specified)

Description

A flaw exists in the rpc.mountd daemon within the nfs-utils package for Linux. This issue allows a Network File System version 3 (NFSv3) client to gain higher privileges than those defined in the /etc/exports file during the mount process. Specifically, a client can access any subdirectory or subtree of an exported directory, bypassing standard file permissions and expected security attributes like 'root squash' or 'all squash'.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALSA-2026:3938
ALSA-2026:3939
ALSA-2026:3940
CVE-2025-12801
ECHO-EB83-CD7F-0158
RHSA-2026:3938
RHSA-2026:3939
RHSA-2026:3940
RHSA-2026:3941
RHSA-2026:3942
SUSE-SU-2026:1356-1

Affected Products

Nfs-Utils