PatchSiren

CVE-2025-9615 Red Hat CVE debrief

A local information disclosure vulnerability in NetworkManager allows non-root users to configure network connections in ways that cause the root-privileged daemon to access files belonging to other users. The flaw stems from improper handling of file ownership boundaries when processing user-supplied network configuration. With local access and low privileges, an attacker could potentially read sensitive files owned by other users through crafted network configuration directives. The CVSS 3.3 LOW severity reflects the required local access and limited confidentiality impact. Red Hat has issued security advisories RHSA-2026:18142 and RHSA-2026:18597 addressing this issue. The vulnerability was tracked in GitLab issue #1809 and resolved through merge requests !2324 and !2327.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: LOW 3.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-26
Original CVE updated: 2026-05-19
Advisory published: 2026-01-26
Advisory updated: 2026-05-19

Who should care

System administrators managing multi-user Linux environments with NetworkManager enabled; security teams monitoring local privilege escalation vectors; and organizations using Red Hat Enterprise Linux or other distributions that ship NetworkManager.

Technical summary

The NetworkManager daemon runs with root privileges to manage system network configurations. The vulnerability exists because the daemon does not properly validate file ownership boundaries when processing user-supplied connection configurations. A local user with privileges to add network connections can specify paths or configurations that cause the root-privileged daemon to access files owned by other users, resulting in information disclosure. The attack requires local access and valid user credentials, with no user interaction needed. The confidentiality impact is limited (LOW) per CVSS scoring, with no integrity or availability impact.

Defensive priority

low

Recommended defensive actions

  • Apply Red Hat security advisories RHSA-2026:18142 and RHSA-2026:18597 when available for affected systems
  • Review NetworkManager configurations for unauthorized connection definitions added by non-privileged users
  • Monitor for unusual network configuration changes in multi-user environments
  • Validate that NetworkManager packages are updated to versions containing merge requests !2324 and !2327
  • Consider restricting NetworkManager configuration privileges to administrative accounts where feasible
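
One way to carry out the configuration review recommended above, as an added example (not code from Red Hat, NetworkManager or this page): it parses a connection profile in keyfile format and reports every referenced file whose owner is neither root nor a user named in `connection.permissions`. The sample profile is constructed and its `[example-setting]` keys are placeholders, since the page does not name the affected properties; the `uid_of` and `owner_of` parameters are hypothetical hooks so the check can run offline.

```python
import configparser
import os
import pwd
from urllib.parse import unquote, urlparse

# Constructed sample profile; the [example-setting] keys are placeholders,
# not real NetworkManager properties.
SAMPLE = """\
[connection]
id=office
permissions=user:alice:;

[example-setting]
trusted-file=/etc/pki/example/ca.pem
own-file=file:///home/alice/id.pem
other-file=/home/bob/private.pem
"""

def _uid_of(name):            # real account lookup; replaceable for offline use
    return pwd.getpwnam(name).pw_uid

def _owner_of(path):          # real ownership lookup; replaceable for offline use
    return os.stat(path).st_uid

def audit_profile(text, uid_of=_uid_of, owner_of=_owner_of):
    """Return (section, key, path, owner_uid) for each referenced file whose
    owner is neither root nor a user named in connection.permissions."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cfg.optionxform = str     # keyfile keys are case-sensitive
    cfg.read_string(text)
    allowed = {0}             # root-owned files (system CA bundles etc.) are expected
    for entry in cfg.get("connection", "permissions", fallback="").split(";"):
        parts = entry.split(":")
        if len(parts) >= 2 and parts[0] == "user":
            try:
                allowed.add(uid_of(parts[1]))
            except KeyError:
                pass          # account no longer exists; nothing to allow
    findings = []
    for section in cfg.sections():
        for key, value in cfg.items(section):
            value = value.strip()
            if value.startswith("file://"):
                value = unquote(urlparse(value).path)
            if not value.startswith("/"):
                continue      # not an absolute path
            try:
                owner = owner_of(value)
            except OSError:
                continue      # target missing or unreadable; skip
            if owner not in allowed:
                findings.append((section, key, value, owner))
    return findings
```

Run as root, `audit_profile(open(path).read())` can be applied to each file under `/etc/NetworkManager/system-connections`; a profile with no `permissions` entry reports every referenced file that is not root-owned, which is the set to review by hand.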

Evidence notes

The vulnerability description is sourced from the NVD record, with CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Vendor attribution to Red Hat is supported by multiple errata references and a Bugzilla entry. Technical details are confirmed through the upstream GitLab issue and merge requests. Red Hat classifies the issue as CWE-281 (Improper Preservation of Privileges).
