What is the CVSS score of CVE-2025-2312?

CVE-2025-2312 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2025-2312?

Organizations using A flaw should be aware of moderate risk from CVE-2025-2312 rated CVSS 5.9. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-2312?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Red Hat CVE-2025-2312

MEDIUM

Exposure of Data Element to Wrong Session (CWE-488)

2025-03-25 74b3a70d-cca6-4d34-9789-e83b222ae3be

Information Disclosure Red Hat Suse

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Apr 05, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:33 vuln.today

CVE Published

Mar 25, 2025 - 18:15 nvd

MEDIUM 5.9

DescriptionNVD

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

AnalysisAI

A flaw was found in cifs-utils. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-488. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.