CVE-2025-2312

Summary

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Affected Software

VendorProductVersion RangeStatus
cifs-utilscifs-utils0 < 7.2affected

Weaknesses

  • CWE-488: CWE-488

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References