PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-12801 Red Hat CVE debrief

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The CVE record was published on 2026-03-04T16:16:23.900Z and last modified on 2026-06-25T04:17:38.983Z. Redhat's Openshift Container Platform and various versions of Redhat Enterprise Linux are affected.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 10
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-04
Original CVE updated
2026-06-25
Advisory published
2026-03-04
Advisory updated
2026-06-25

Who should care

System administrators and security teams responsible for Linux systems, particularly those using Redhat's Openshift Container Platform and Enterprise Linux, should be aware of this vulnerability. They should assess their exposure and take necessary steps to mitigate the risk. This vulnerability could allow an attacker to gain elevated privileges and access sensitive data.

Technical summary

The vulnerability is caused by a flaw in the rpc.mountd daemon in the nfs-utils package for Linux. This daemon is responsible for handling NFSv3 client requests. The vulnerability allows a client to access any subdirectory or subtree of an exported directory, regardless of file permissions or 'root_squash' or 'all_squash' attributes. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The weakness associated with this vulnerability is CWE-732, and a secondary weakness is CWE-279.

Defensive priority

This vulnerability has a medium severity and a CVSS score of 6.5. It is recommended that affected systems be patched as soon as possible to prevent potential attacks.

Recommended defensive actions

  • Apply patches or updates provided by Redhat to address the vulnerability in the rpc.mountd daemon.
  • Review and update /etc/exports file to ensure proper permissions and access controls.
  • Monitor system logs for potential exploitation attempts.
  • Consider implementing compensating controls, such as network segmentation or access restrictions, to limit the impact of a potential attack.
  • Perform a thorough inventory check to identify affected systems and prioritize patching efforts.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and affected systems. Redhat has provided several errata (RHSA-2026:3938, RHSA-2026:3939, RHSA-2026:3940, RHSA-2026:3941, RHSA-2026:3942, RHSA-2026:5127, RHSA-2026:5606) to address this vulnerability. The Bugzilla report (bugzilla.redhat.com/show_bug.cgi?id=2413081) provides additional details on the issue.

Official resources

This article is AI-assisted and based on the supplied source corpus.