CVE-2025-15576

🗓️ 09 Mar 2026 11:54:20Reported by freebsdType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views

CVE-2025-15576 lets a jailed process escape a chroot via a directory descriptor below its jail root exchanged between jails.

Reporter	Title	Published	Views	Family All 14
FreeBSD	FreeBSD -- Jail chroot escape via fd exchange with a different jail	24 Feb 202600:00	–	freebsd
Circl	CVE-2025-15576	27 Feb 202616:51	–	circl
CNNVD	FreeBSD 安全漏洞	9 Mar 202600:00	–	cnnvd
Cvelist	CVE-2025-15576 Jail chroot escape via fd exchange with a different jail	9 Mar 202611:54	–	cvelist
EUVD	EUVD-2025-208409	9 Mar 202612:31	–	euvd
EUVD	EUVD-2025-208410	9 Mar 202612:31	–	euvd
FreeBSD Advisory	FreeBSD-SA-26:04.jail	24 Feb 202600:00	–	freebsd_advisory
Tenable Nessus	FreeBSD : FreeBSD -- Jail chroot escape via fd exchange with a different jail (a88f5b2d-11e9-11f1-8148-bc241121aa0a)	28 Feb 202600:00	–	nessus
NVD	CVE-2025-15576	9 Mar 202612:16	–	nvd
Packet Storm News	FreeBSD Security Advisory - FreeBSD-SA-26:04.jail	24 Feb 202600:00	–	packetstormnews

NVD

Node

freebsd freebsdMatch13.5-

freebsd freebsdMatch13.5p1

freebsd freebsdMatch13.5p2

freebsd freebsdMatch13.5p3

freebsd freebsdMatch13.5p4

freebsd freebsdMatch13.5p5

freebsd freebsdMatch13.5p6

freebsd freebsdMatch13.5p7

freebsd freebsdMatch13.5p8

freebsd freebsdMatch13.5p9

freebsd freebsdMatch14.3-

freebsd freebsdMatch14.3p1

freebsd freebsdMatch14.3p2

freebsd freebsdMatch14.3p3

freebsd freebsdMatch14.3p4

freebsd freebsdMatch14.3p5

freebsd freebsdMatch14.3p6

freebsd freebsdMatch14.3p7

freebsd freebsdMatch14.3p8

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "jail"
    ],
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "lessThan": "p9",
        "status": "affected",
        "version": "14.3-RELEASE",
        "versionType": "release"
      },
      {
        "lessThan": "p10",
        "status": "affected",
        "version": "13.5-RELEASE",
        "versionType": "release"
      }
    ]
  }
]

Source	Link
security	www.security.freebsd.org/advisories/FreeBSD-SA-26:04.jail.asc

17 Mar 2026 15:54Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.00023

SSVC

jail escape chroot escape inter jail exchange unix domain socket directory descriptor shared directory nullfs mount sibling jails jail root