CVE-2025-9615
3.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 1:1.56.0-1.el10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 1:1.54.3-2.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 1:1.54.3-2.el9 < * | unaffected |
Weaknesses
- CWE-281: Improper Preservation of Permissions
Workarounds
SELinux is shipped out of the box in targeted enforcing mode, which prevents processes from having unwanted permissions and mitigates this attack.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:18142
- https://access.redhat.com/errata/RHSA-2026:18597
- https://access.redhat.com/security/cve/CVE-2025-9615
- https://bugzilla.redhat.com/show_bug.cgi?id=2391503
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2327
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.