CVE-2025-14946
Unknown Unknown - Not Provided
Argument Injection in libnbd via Malicious URI Enables Code Execution

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: Red Hat, Inc.

Description
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14946
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redhat libnbd 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in libnbd occurs because the library incorrectly interprets hostnames starting with '-o' in nbd+ssh:// URIs as arguments to the SSH process instead of as hostnames. A malicious actor can exploit this by crafting a URI with such a hostname, causing libnbd to execute arbitrary commands with the privileges of the user running libnbd. This happens due to inadequate sanitization of the hostname field, leading to arbitrary code execution. [1, 2]

Impact Analysis

If exploited, this vulnerability can lead to arbitrary code execution on your system with the privileges of the user running libnbd. This means an attacker could run malicious commands or code, potentially compromising your system's security and data integrity. [1, 2]

Detection Guidance

You can detect this vulnerability by checking the version of libnbd installed on your system. Versions 1.22 and later are affected. Use commands like `nbdinfo --version` or check the package version via your package manager (e.g., `rpm -q libnbd` or `dpkg -s libnbd`). Additionally, monitor for usage of nbd+ssh:// URIs with hostnames starting with '-o' in your logs or scripts, as these could indicate attempts to exploit the vulnerability. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade libnbd to version 1.24.0 or later, which includes a fix for the hostname sanitization issue in nbd_connect_uri(3) and related tools. Until the upgrade is applied, avoid using nbd+ssh:// URIs with hostnames starting with '-o' and restrict untrusted users from providing URIs to libnbd. Also, monitor and restrict SSH command-line arguments that could be injected via this vulnerability. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14946. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart