CVE-2025-12801
MED 6.5
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Affected Applications in Environment (14)
- Platform v17,38,0,0 (1 device)
- Platform v17,17,0,0 (1 device)
- Platform v17,15,0,0 (2 devices)
- Platform v17,24,0,0 (1 device)
- nfs-utils v1:2.3.3-64.el8_10 (1 device)
- nfs-utils v1:2.5.4-38.el9_7.3 (1 device)
- nfs-utils v1:2.5.4-38.el9 (23 devices)
- nfs-utils v1:2.5.4-34.el9 (1 device)
- nfs-utils v1:2.3.3-64.0.1.el8_10 (4 devices)
- nfs-utils v1:2.3.3-68.el8_10 (1 device)
- nfs-utils v1:2.3.3-59.0.1.el8 (1 device)
- nfs-utils v1:2.3.3-59.el8 (3 devices)
- nfs-utils v1:2.5.4-34.0.1.el9 (1 device)
- nfs-utils v1:1.3.0-0.68.el7.2 (1 device)
Affected Devices (42)
- DPEXAN-5CD017CV (Windows)
- DPHSNG-34Y86X3 (Windows)
- DPMATH-C11312G9 (Windows)
- FL217-2-ADOTTER (Windows)
- MICHELLEUSUHP (Windows)
- atc.db.usu.edu (Linux)
- chela03 (Linux)
- chela04 (Linux)
- chela05 (Linux)
- devjobsub.banner.usu.edu (Linux)
- dpapsb-161390.aggies.usu.edu (Linux)
- dpapsb-191594.mypc.usu.edu (Linux)
- el103-02.ece.usu.edu (Linux)
- el103-03.ece.usu.edu (Linux)
- el103-04.ece.usu.edu (Linux)
- el103-05.ece.usu.edu (Linux)
- el103-07.ece.usu.edu (Linux)
- el103-08.ece.usu.edu (Linux)
- el103-09.ece.usu.edu (Linux)
- el103-10.ece.usu.edu (Linux)
- el103-14.ece.usu.edu (Linux)
- el103-15.ece.usu.edu (Linux)
- el103-16.ece.usu.edu (Linux)
- el103-17.ece.usu.edu (Linux)
- el103-18.ece.usu.edu (Linux)
- el103-19.ece.usu.edu (Linux)
- el103-20.ece.usu.edu (Linux)
- el120-01.ece.usu.edu (Linux)
- el120-02.ece.usu.edu (Linux)
- el120-03.ece.usu.edu (Linux)
- el120-04.ece.usu.edu (Linux)
- el120-06.ece.usu.edu (Linux)
- el120-08.ece.usu.edu (Linux)
- el120-09.ece.usu.edu (Linux)
- el120-11.ece.usu.edu (Linux)
- el120-12.ece.usu.edu (Linux)
- eprocdev.banner.usu.edu (Linux)
- facreadytestrhel.pplant.usu.edu (Linux)
- guru.cluster (Linux)
- oms.db.usu.edu (Linux)
- paymentworksdev.banner.usu.edu (Linux)
- zldtst.db.usu.edu (Linux)
References (12)
- https://access.redhat.com/errata/RHSA-2026:3938
- https://access.redhat.com/errata/RHSA-2026:3939
- https://access.redhat.com/errata/RHSA-2026:3940
- https://access.redhat.com/errata/RHSA-2026:3941
- https://access.redhat.com/errata/RHSA-2026:3942
- https://access.redhat.com/errata/RHSA-2026:5127
- https://access.redhat.com/errata/RHSA-2026:5606
- https://access.redhat.com/errata/RHSA-2026:5867
- https://access.redhat.com/errata/RHSA-2026:5873
- https://access.redhat.com/errata/RHSA-2026:5877
- https://access.redhat.com/security/cve/CVE-2025-12801
- https://bugzilla.redhat.com/show_bug.cgi?id=2413081