CVE-2025-12801
Received Received - Intake
Privilege Escalation in nfs-utils rpc.mountd via NFSv3 Mount Access

Publication date: 2026-03-04

Last updated on: 2026-04-02

Assigner: Red Hat, Inc.

Description
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12801
EUVD
EUVD-2025-208274
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
linux-nfs nfs-utils *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-279 While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-12801 is a vulnerability in the rpc.mountd daemon of the nfs-utils package on Linux systems.'}, {'type': 'paragraph', 'content': 'This flaw allows an NFSv3 client to escalate its privileges during the mount operation by bypassing the restrictions defined in the /etc/exports file.'}, {'type': 'paragraph', 'content': "Specifically, the client can gain unauthorized access to any subdirectory or subtree within an exported directory, ignoring the file permissions and security attributes such as 'root_squash' or 'all_squash' that are normally enforced to limit client privileges."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows an NFSv3 client to bypass normal access controls and gain unauthorized access to subdirectories or subtrees within exported directories.'}, {'type': 'paragraph', 'content': 'As a result, an attacker or malicious client could access sensitive files or data that should be restricted, potentially leading to data exposure.'}, {'type': 'paragraph', 'content': "The vulnerability ignores file permissions and security attributes like 'root_squash' or 'all_squash', which normally help protect against privilege escalation."}] [1]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12801. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart