CVE-2025-2312 MEDIUM

CVE-2025-2312: cifs.upcall makes an upcall to the wrong namespace in containerized environments

Vendor: Cifs-Utils
Product: cifs-utils
Weakness: CWE-488
Published: March 25, 2025
Last update: March 25, 2025

CVSS base score

5.9/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Key dates

02 Disclosure timeline

March 25, 2025: CVE published
March 25, 2025: Record updated