CVSS 3.1 score: 6.5

Linux NFSv3 Clients Can Access Sensitive Directories

CVE-2025-12801
Summary

A vulnerability in the rpc.mountd daemon of the Linux nfs-utils package allows remote NFSv3 clients to access sensitive directories on a server, even if file permissions or the 'root_squash' and 'all_squash' export options are set to prevent it. This could expose confidential data. To fix this, update your Linux system with the latest nfs-utils package.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor      Product                        Affected versions   Fix available
redhat      openshift_container_platform   4.0
redhat      enterprise_linux               6.0
redhat      enterprise_linux               7.0
redhat      enterprise_linux               8.0
redhat      enterprise_linux               9.0
redhat      enterprise_linux               10.0
linux-nfs   nfs-utils                      All versions
Original title
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at...
Original description
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
NVD CVSS 3.1: 6.5
Vulnerability type
CWE-279
CWE-732 Incorrect Permission Assignment for Critical Resource
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026