CVE-2025-12801
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk37th percentile - higher than 37% of all known CVEs
Summary
A vulnerability was discovered in the rpc.mountd daemon of the nfs-utils package for Linux, allowing an NFSv3 client to escalate privileges assigned in the /etc/exports file at mount time. This enables access to any subdirectory or subtree of an exported directory, regardless of file permissions and 'root_squash' or 'all_squash' attributes.
Risk Assessment
The organization is at risk of unauthorized access to sensitive data by an NFSv3 client that can bypass access restrictions and gain privileges to subdirectories of the exported filesystem, potentially leading to data leakage or integrity compromise.
Recommendation
Immediately update the nfs-utils package to the latest version containing the security fix. Until the update is applied, restrict access to NFSv3 services or implement additional firewall rules.
Original NVD description (English source)
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

