CVE-2025-9615

Summary

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 101:1.56.0-1.el10 < *unaffected
Red HatRed Hat Enterprise Linux 91:1.54.3-2.el9 < *unaffected
Red HatRed Hat Enterprise Linux 91:1.54.3-2.el9 < *unaffected

Weaknesses

  • CWE-281: Improper Preservation of Permissions

Workarounds

SELinux is shipped out of the box in targeted enforcing mode, which prevents processes from having unwanted permissions and mitigates this attack.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References