AZL-59273 CVE-2025-2312 affecting package cifs-utils for versions less than 6.14-3

🗓️ 25 Mar 2025 18:15:34Reported by GoogleType

osv

osv🔗 osv.dev

Flaw in cifs-utils upcall may disclose host Kerberos credentials in containers due to a wrong namespace.

Reporter	Title	Published	Views	Family All 291
Tenable Nessus	Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)	30 Apr 202600:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: cifs-utils (CVE-2025-2312)	10 Apr 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: cifs-utils (CVE-2025-2312)	9 Apr 202500:00	–	nessus
Tenable Nessus	Photon OS 5.0: Cifs PHSA-2025-5.0-0691	1 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:01614-1)	22 May 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:01620-1)	22 May 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:01707-1)	27 May 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:01919-1)	27 Jun 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:01951-1)	27 Jun 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:01964-1)	27 Jun 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-2312

21 Apr 2026 04:37Current

7.3High risk

Vulners AI Score7.3

CVSS 3.15.9

EPSS0.00022

SSVC

cifs-utils kerberos credentials cache container environments upcall namespace security flaw credential disclosure