icon

We found results for “

CVE-2025-2312

Good to know:

icon

Date: March 25, 2025

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Severity Score

Severity Score

Weakness Type (CWE)

Exposure of Data Element to Wrong Session

CWE-488

Top Fix

icon

Upgrade Version

Upgrade to version https://git.samba.org/cifs-utils.git - cifs-utils-7.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us