CVE-2025-12801
moderate-risk
Published 2026-03-04
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the file permissions set, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Do I need to act?
- EPSS score: 0.01% chance of exploitation (low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 6.5/10 (Medium): NETWORK / LOW complexity
Affected Products (7)
References (12)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2026:3938
Third Party Advisory: https://access.redhat.com/errata/RHSA-2026:3939
Third Party Advisory: https://access.redhat.com/errata/RHSA-2026:3940
Third Party Advisory: https://access.redhat.com/errata/RHSA-2026:3941
Third Party Advisory: https://access.redhat.com/errata/RHSA-2026:3942
Third Party Advisory: https://access.redhat.com/security/cve/CVE-2025-12801
Issue Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=2413081
38 / 100 · moderate-risk
Severity: 24/34 · High
Exploitability: 0/34 · Minimal
Exposure: 14/34 · Moderate