Medium severity4.4NVD Advisory· Published Oct 15, 2025· Updated Apr 15, 2026

CVE-2025-11568

Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Affected products

Latchset/Luksmetareferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2025:23086nvd
access.redhat.com/security/cve/CVE-2025-11568nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/latchset/luksmeta/pull/16nvd

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000