Vulnerability details: VCID-xr97-qae9-rqfe
Vulnerability ID VCID-xr97-qae9-rqfe
Aliases CVE-2024-12747
Summary A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (1)
System Score Found at
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:2600
ssvc Track https://access.redhat.com/errata/RHSA-2025:2600
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:7050
ssvc Track https://access.redhat.com/errata/RHSA-2025:7050
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:8385
ssvc Track https://access.redhat.com/errata/RHSA-2025:8385
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json
cvssv3.1 5.6 https://access.redhat.com/security/cve/CVE-2024-12747
ssvc Track https://access.redhat.com/security/cve/CVE-2024-12747
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2024-12747
cvssv3.1 5.6 https://bugzilla.redhat.com/show_bug.cgi?id=2332968
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2332968
cvssv3.1 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://kb.cert.org/vuls/id/952657
ssvc Track https://kb.cert.org/vuls/id/952657
archlinux Critical https://security.archlinux.org/AVG-2858
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json
https://api.first.org/data/v1/epss?cve=CVE-2024-12747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
952657 https://kb.cert.org/vuls/id/952657
ASA-202501-1 https://security.archlinux.org/ASA-202501-1
AVG-2858 https://security.archlinux.org/AVG-2858
cpe:/a:redhat:discovery:1.14::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
CVE-2024-12747 https://access.redhat.com/security/cve/CVE-2024-12747
CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747
RHSA-2025:2600 https://access.redhat.com/errata/RHSA-2025:2600
RHSA-2025:7050 https://access.redhat.com/errata/RHSA-2025:7050
RHSA-2025:8385 https://access.redhat.com/errata/RHSA-2025:8385
show_bug.cgi?id=2332968 https://bugzilla.redhat.com/show_bug.cgi?id=2332968
USN-7206-1 https://usn.ubuntu.com/7206-1/
USN-7206-3 https://usn.ubuntu.com/7206-3/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2025:2600
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://access.redhat.com/errata/RHSA-2025:2600
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2025:7050
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://access.redhat.com/errata/RHSA-2025:7050
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2025:8385
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://access.redhat.com/errata/RHSA-2025:8385
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-12747
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://access.redhat.com/security/cve/CVE-2024-12747
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2332968
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2332968
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://kb.cert.org/vuls/id/952657
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/ Found at https://kb.cert.org/vuls/id/952657
Exploit Prediction Scoring System (EPSS)
Percentile 0.01306
EPSS Score 0.00013
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:31:23.337595+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.18/main.json 37.0.0