CVE-2025-15547 Freebsd — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.8 (HIGH)
Type	CWE-269 (Improper Privilege Management)
Vendor	Freebsd
Public PoC	No

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail.

In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-269 Improper Privilege Management

Vulnerable Products 17

Configuration	From (including)	Up to (excluding)
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:-::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p1::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p2::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p3::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p4::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p5::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p6::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p7::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:13.5:p8::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:-::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p1::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p2::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p3::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p4::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p5::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p6::::::	—	—
Freebsd Freebsd cpe:2.3:o:freebsd:freebsd:14.3:p7::::::	—	—

References 1

https://security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc

secteam@freebsd.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4748

Freebsd

None

CVE-2026-3038

Freebsd

7.5

CVE-2026-2261

Freebsd

7.5

CVE-2025-15576

Freebsd

7.5

CVE-2025-14769

Freebsd

7.5

Menu

CVE-2025-15547

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 17

References 1

Related Vulnerabilities

CVE-2026-4748

CVE-2026-3038

CVE-2026-2261

CVE-2025-15576

CVE-2025-14769

CVE Details

Editor's Choice

Menu

CVE-2025-15547

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 17

References 1

Related Vulnerabilities

CVE-2026-4748

CVE-2026-3038

CVE-2026-2261

CVE-2025-15576

CVE-2025-14769

CVE Details

Editor's Choice

Stay informed on cybersecurity