VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4adr-w6a9-yube

Essentials
Severities (75)
References (29)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4adr-w6a9-yube
Aliases	CVE-2025-2312
Summary	cifs-utils: kernel: cifs-utils: cifs.upcall makes an upcall to the wrong namespace in containerized environments
Status	Published
Exploitability	0.5
Weighted Severity	5.3
Risk	2.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-488

Exposure of Data Element to Wrong Session

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2312.json
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-2312
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174
ssvc	Track	https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174
cvssv3.1	5.9	https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf
ssvc	Track	https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2312.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-2312
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2312
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1106242		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106242
2352604		https://bugzilla.redhat.com/show_bug.cgi?id=2352604
CVE-2025-2312		https://nvd.nist.gov/vuln/detail/CVE-2025-2312
?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174		https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174
smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf		https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf
USN-7384-1		https://usn.ubuntu.com/7384-1/
USN-7384-2		https://usn.ubuntu.com/7384-2/
USN-7448-1		https://usn.ubuntu.com/7448-1/
USN-7468-1		https://usn.ubuntu.com/7468-1/
USN-7536-1		https://usn.ubuntu.com/7536-1/
USN-7585-1		https://usn.ubuntu.com/7585-1/
USN-7585-2		https://usn.ubuntu.com/7585-2/
USN-7585-3		https://usn.ubuntu.com/7585-3/
USN-7585-4		https://usn.ubuntu.com/7585-4/
USN-7591-1		https://usn.ubuntu.com/7591-1/
USN-7591-2		https://usn.ubuntu.com/7591-2/
USN-7591-3		https://usn.ubuntu.com/7591-3/
USN-7591-4		https://usn.ubuntu.com/7591-4/
USN-7592-1		https://usn.ubuntu.com/7592-1/
USN-7593-1		https://usn.ubuntu.com/7593-1/
USN-7595-1		https://usn.ubuntu.com/7595-1/
USN-7595-2		https://usn.ubuntu.com/7595-2/
USN-7595-3		https://usn.ubuntu.com/7595-3/
USN-7595-4		https://usn.ubuntu.com/7595-4/
USN-7602-1		https://usn.ubuntu.com/7602-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2312.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T18:22:51Z/ Found at https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T18:22:51Z/ Found at https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

Exploit Prediction Scoring System (EPSS)

Percentile	0.01012
EPSS Score	0.00013
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:43:27.264973+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2312.json	36.0.0