CVE-2025-15547 Jail escape by a privileged user via nullfs

🗓️ 09 Mar 2026 11:46:51Reported by freebsdType

CVE-2025-15547: Privileged jail user can escape chroot via nullfs mounts when allow.mount.nullfs is on.

Reporter	Title	Published	Views	Family All 13
FreeBSD	FreeBSD -- Jail escape by a privileged user via nullfs	27 Jan 202600:00	–	freebsd
Circl	CVE-2025-15547	9 Mar 202612:22	–	circl
CNNVD	FreeBSD 安全漏洞	9 Mar 202600:00	–	cnnvd
CVE	CVE-2025-15547	9 Mar 202611:46	–	cve
EUVD	EUVD-2025-208407	9 Mar 202612:31	–	euvd
EUVD	EUVD-2025-208408	9 Mar 202612:31	–	euvd
FreeBSD Advisory	FreeBSD-SA-26:02.jail	27 Jan 202600:00	–	freebsd_advisory
Tenable Nessus	FreeBSD : FreeBSD -- Jail escape by a privileged user via nullfs (90071333-fbe5-11f0-a13f-bc241121aa0a)	30 Jan 202600:00	–	nessus
NVD	CVE-2025-15547	9 Mar 202612:16	–	nvd
Packet Storm News	FreeBSD Security Advisory - FreeBSD-SA-26:02.jail	27 Jan 202600:00	–	packetstormnews

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "jail"
    ],
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "lessThan": "p8",
        "status": "affected",
        "version": "14.3-RELEASE",
        "versionType": "release"
      },
      {
        "lessThan": "p9",
        "status": "affected",
        "version": "13.5-RELEASE",
        "versionType": "release"
      }
    ]
  }
]

Source	Link
security	www.security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc

09 Mar 2026 11:46Current

EPSS0.00024

CWE-269