CVE-2025-9615
Privilege Escalation via File Access Flaw in NetworkManager
Publication date: 2026-01-26
Last updated on: 2026-01-26
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| networkmanager | networkmanager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-281 | The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9615 is a security flaw in the NetworkManager package on Linux systems. It allows non-root users who can configure network settings to access files owned by other users. This happens because the NetworkManager daemon runs with root privileges and can access files beyond those of the user who added the network connection. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the NetworkManager package to a version where this issue is fixed. Since the vulnerability allows non-root users with network configuration permissions to access files owned by other users due to the NetworkManager daemon running with root privileges, applying the vendor's security updates or patches is the recommended immediate step. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to files owned by other users on the system, potentially exposing sensitive information. Although classified as low severity, it compromises user file privacy by allowing non-root users to read files they should not have access to. [1]