Home > Vulnerability Database > CVE-2025-2312

Mend.io Vulnerability Database

CVE-2025-2312

Good to know:

Date: March 25, 2025

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Severity Score

5.9

Related Resources (4)

Url: https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174

Url: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2312

Url: https://www.mend.io/vulnerability-database/CVE-2025-2312

Severity Score

5.9

Weakness Type (CWE)

Exposure of Data Element to Wrong Session

CWE-488

Top Fix

Upgrade Version

Upgrade to version https://git.samba.org/cifs-utils.git - cifs-utils-7.2

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2312

Good to know:

Date: March 25, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?