CVE-2025-12801: Incorrect Execution-Assigned Permissions in Red Hat Enterprise Linux 10
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the file permissions set and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
AI Analysis
Technical Summary
CVE-2025-12801 is a vulnerability discovered in the rpc.mountd daemon within the nfs-utils package on Red Hat Enterprise Linux 10. The issue arises from incorrect execution-assigned permissions during the NFSv3 mount process. Normally, the /etc/exports file governs which directories are exported over NFS and enforces access controls such as file permissions and squash options like root_squash or all_squash to restrict client privileges. However, this vulnerability allows an NFSv3 client to bypass these restrictions at mount time, granting access to any subdirectory or subtree within the exported directory regardless of the configured permissions or squash settings. This means that a client can escalate its privileges beyond what the server administrator intended, potentially accessing sensitive data that should have been restricted. The vulnerability requires network access (AV:N) and low attack complexity (AC:L), with the attacker needing some privileges (PR:L) but no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. The vulnerability is rated medium severity with a CVSS 3.1 score of 6.5. No known exploits are currently in the wild, but the flaw poses a significant risk to environments using NFSv3 exports on RHEL 10. The issue highlights a critical misconfiguration or coding error in the mount daemon that undermines the security model of NFS exports.
Potential Impact
The primary impact of CVE-2025-12801 is unauthorized data disclosure. Attackers exploiting this vulnerability can access sensitive files and directories that should be restricted by export permissions and squash options. This can lead to leakage of confidential information, intellectual property, or personally identifiable information. Since the vulnerability does not affect integrity or availability, it does not directly allow modification or disruption of services. However, unauthorized access can facilitate further attacks such as data exfiltration or lateral movement within a network. Organizations relying on NFSv3 for file sharing, especially in multi-tenant or sensitive environments, face increased risk of data breaches. The vulnerability could undermine trust in NFS exports and complicate compliance with data protection regulations. Although no public exploits are known yet, the low complexity and network accessibility make it a credible threat. The scope is limited to systems running Red Hat Enterprise Linux 10 with vulnerable nfs-utils and configured NFSv3 exports.
Mitigation Recommendations
To mitigate CVE-2025-12801, organizations should:
1) Apply vendor patches immediately once available to fix the rpc.mountd daemon vulnerability.
2) Temporarily disable NFSv3 exports or restrict NFS access to trusted clients only via firewall rules and network segmentation.
3) Review and tighten /etc/exports configurations, minimizing exported directories and avoiding broad subtree exports.
4) Consider upgrading to NFSv4 or later versions which have improved security features and are not affected by this issue.
5) Monitor NFS server logs for unusual mount requests or access patterns indicative of exploitation attempts.
6) Implement intrusion detection systems to alert on anomalous NFS traffic.
7) Educate system administrators on the risks of exporting directories with weak permissions or squash settings.
8) Conduct regular audits of NFS export permissions and client access rights.
These steps go beyond generic advice by focusing on configuration hardening, network controls, and proactive monitoring specific to the nature of this vulnerability.
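One way to carry out the /etc/exports review and the recurring audit recommended above, as an added example that is not part of the original advisory or of nfs-utils. Because the advisory states that squash options do not contain this issue, the audit concentrates on which clients may mount each export and how broad the exported tree is; the sample exports content, the finding labels and the path-depth heuristic are assumptions made for illustration.

```python
import re

# Constructed sample in exports(5) syntax; paths and hosts are invented.
SAMPLE_EXPORTS = """\
# project shares
/srv/projects  10.0.5.0/24(rw,sync,root_squash)
/srv/scratch   *(rw,sync,no_root_squash)
/srv/home  -sync,all_squash  build01.example.internal(rw) \\
           *.example.internal(ro)
/srv           (ro)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")  # host(opt,opt)


def parse_exports(text):
    """Yield (path, host, options) per client entry; host '' means any host.
    Quoted paths and /etc/exports.d fragments are not handled here."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        path, defaults, seen = fields[0], set(), False
        for field in fields[1:]:
            if field.startswith("-"):  # "-opts": defaults for the rest of the line
                defaults = set(field[1:].split(","))
                continue
            m = CLIENT_RE.match(field)
            if m:
                seen = True
                own = set(filter(None, (m.group(2) or "").split(",")))
                yield path, m.group(1), defaults | own
        if not seen:  # bare path with no client list: exported to any host
            yield path, "", defaults


def audit_exports(text):
    """Return sorted (path, client, finding) tuples worth reviewing."""
    findings = []
    for path, host, opts in parse_exports(text):
        client = host or "<world>"
        if host in ("", "*"):
            findings.append((path, client, "any host may mount"))
        elif any(c in host for c in "*?[/"):
            findings.append((path, client, "wildcard or subnet client"))
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if path.rstrip("/").count("/") <= 1:  # heuristic: "/" or "/top"
            findings.append((path, client, "broad subtree export"))
    return sorted(findings)
```

Running `audit_exports` over the contents of the server's real /etc/exports gives a list to work through when narrowing client specifications and replacing top-level exports with the specific directories clients need.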
Affected Countries
United States, Germany, India, China, United Kingdom, Japan, France, Canada, Australia, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2025-11-06T12:17:26.749Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69a850c1d1a09e29cb458b4a
Added to database: 3/4/2026, 3:33:21 PM
Last enriched: 4/3/2026, 3:25:46 AM
Last updated: 4/19/2026, 10:54:34 AM