VDB
CVE-2025-9615
CVE-2025-9615
PUBLISHED
CVSS 3.299999952316284 LOW
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
EPSS 0.00% · 0.2th percentile
Risk Scores
CVSS v3.0
3.299999952316284
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.00%
0.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 | 1:1.54.3-2.el9, 1:1.54.3-2.el9 |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| StrongSwan | strongSwan | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 10 | 1:1.56.0-1.el10 |
Timeline
- Dec 15, 2025 CVE Published
- Dec 18, 2025 PoC Published
- Jan 13, 2026 PoC Published
- Jan 13, 2026 PoC Published
- Jan 26, 2026 PoC Published
- Jan 27, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
References
- https://access.redhat.com/security/cve/CVE-2025-9615 vdb
- RHBZ#2391503 issue
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809 url
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324 url
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2327 url
- https://www.strongswan.org//blog/2025/12/12/strongswan-vulnerability-(cve-2025-9615).html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-9615 advisory
- RHSA-2026:18142 vendor-advisory
- RHSA-2026:18597 vendor-advisory