How to fix CVE-2025-27612?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review and tighten file/resource permissions.

Is Redhat affected by CVE-2025-27612?

Organizations using libcontainer should be aware of moderate risk from CVE-2025-27612, a incorrect default permissions vulnerability rated CVSS 5.9. Attackers could gain access beyond their authorized level. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-27612

MEDIUM

2025-03-21 [email protected]

Privilege Escalation Redhat Suse

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

CVE Published

Mar 21, 2025 - 15:15 nvd

MEDIUM 5.9

DescriptionNVD

libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.

AnalysisAI

libcontainer is a library for container control. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

Vendor StatusVendor

CVE-2025-27612 vulnerability details – vuln.today

Back