What is CVE-2025-12801?

CVE-2025-12801 is a medium-severity vulnerability in Red Hat Ceph Storage 8, classified under Incorrect Execution-Assigned Permissions. CVSS score: 6.5/10. Published 2026-03-04.

How severe is CVE-2025-12801?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Red Hat Ceph Storage 8

CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the…

EPSS: 0.000 (5.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Red Hat Ceph Storage 8 — versions sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414
Red Hat Enterprise Linux 10 — versions 1:2.8.3-0.el10_1.3
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 1:2.3.3-68.el8_10
Red Hat Enterprise Linux 9 — versions 1:2.5.4-38.el9_7.3
Red Hat Enterprise Linux 9.4 Extended Update Support — versions 1:2.5.4-26.el9_4.3
Red Hat Enterprise Linux 9.6 Extended Update Support — versions 1:2.5.4-34.el9_6.3
Red Hat Openshift Container Platform 4.16 — versions 416.94.202603231244-0
Red Hat Openshift Container Platform 4.17 — versions 417.94.202603242359-0

Weakness classification (CWE)

CWE-279 — Incorrect Execution-Assigned Permissions

References

RHSA-2026:3938 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:3939 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:3940 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:3941 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:3942 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:5127 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:5606 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:5867 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:5873 (vendor-advisory, x_refsource_REDHAT)
RHSA-2026:5877 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2025-12801?: CVE-2025-12801 is a medium-severity vulnerability in Red Hat Ceph Storage 8, classified under Incorrect Execution-Assigned Permissions. CVSS score: 6.5/10. Published 2026-03-04.
How severe is CVE-2025-12801?: Medium severity. CVSS v3 base score is 6.5 out of 10.