NIXPKGS-2026-0520

GitHub issue published on

Permalink CVE-2025-12801

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 3 weeks ago
@LeSuisse ignored package mkinitcpio-nfs-utils 1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

Nfs-utils: rpc.mountd in the nfs-utils privilege escalation

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

References

https://access.redhat.com/security/cve/CVE-2025-12801 vdb-entryx_refsource_REDHAT
RHBZ#2413081 issue-trackingx_refsource_REDHAT

Affected products

rhcos

nfs-utils

nfs-utils-lib

Matching in nixpkgs

pkgs.nfs-utils

Linux user-space NFS utilities

nixos-unstable 2.8.5
- nixpkgs-unstable 2.8.5
- nixos-unstable-small 2.8.5
nixos-25.11 2.7.1
- nixos-25.11-small 2.7.1
- nixpkgs-25.11-darwin 2.7.1

Ignored packages (1)

pkgs.mkinitcpio-nfs-utils

ipconfig and nfsmount tools for root on NFS, ported from klibc

nixos-unstable 0.3
- nixpkgs-unstable 0.3
- nixos-unstable-small 0.3
nixos-25.11 0.3
- nixos-25.11-small 0.3
- nixpkgs-25.11-darwin 0.3

Package maintainers

@abbradar Nikolay Amiantov <ab@fmap.me>

RH issue: https://bugzilla.redhat.com/show_bug.cgi?id=2413081