{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95283?format=json","vulnerability_id":"VCID-dgnh-q7rt-nkgz","summary":"By default, jailed processes cannot mount filesystems, including nullfs(4).  However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks.\n\nIf a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail.\n\nIn a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.","aliases":[{"alias":"CVE-2025-15547"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15547","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07303","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07295","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07296","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15547"},{"reference_url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc","reference_id":"FreeBSD-SA-26:02.jail.asc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T18:59:30Z/"}],"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc"}],"weaknesses":[{"cwe_id":269,"name":"Improper Privilege Management","description":"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgnh-q7rt-nkgz"}