Medium severity6.5NVD Advisory· Published Mar 4, 2026· Updated Apr 2, 2026
CVE-2025-12801
CVE-2025-12801
Description
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Affected products
7- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- access.redhat.com/errata/RHSA-2026:3938nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:3939nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:3940nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:3941nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:3942nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2025-12801nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2026:5127nvd
- access.redhat.com/errata/RHSA-2026:5606nvd
- access.redhat.com/errata/RHSA-2026:5867nvd
- access.redhat.com/errata/RHSA-2026:5873nvd
- access.redhat.com/errata/RHSA-2026:5877nvd
News mentions
0No linked articles in our index yet.