High severity7.2OSV Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2025-2515

Description

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

Affected products

Eclipse Bluechi/BluechiOSV
Range: v0.1.0, v0.10.0, v0.2.0, …

Patches

fe0d28301ce2

https://github.com/eclipse-bluechi/bluechivia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/security/cve/CVE-2025-2515nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94efef799fbc73nvd
github.com/eclipse-bluechi/bluechi/issues/1069nvd
github.com/eclipse-bluechi/bluechi/pull/1073nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000