VDB

DEBIAN-CVE-2025-2312

DEBIAN-CVE-2025-2312 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:12cifs-utils7.4-1, *, 0
Debian:13cifs-utils0, 0
Debian:14cifs-utils0, 0

Timeline

  • Mar 25, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›