CVE-2025-12801 Red Hat — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	6.5 (MEDIUM)
Type	CWE-279, CWE-732 (Incorrect Permission Assignment)
Vendor	Red Hat
Public PoC	No

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-279

CWE-732 Incorrect Permission Assignment

Vulnerable Products 7

Configuration	From (including)	Up to (excluding)
Redhat Openshift_Container_Platform cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*	—	—
Linux-Nfs Nfs-Utils cpe:2.3:a:linux-nfs:nfs-utils:-:::::::*	—	—