CVE-2025-15547 describes a jail escape vulnerability affecting FreeBSD. This flaw allows a privileged user within a jail, if nullfs mounting is enabled, to bypass the jail's chroot restrictions and access the host filesystem. The vulnerability impacts FreeBSD versions less than or equal to p9, and a fix is available in FreeBSD p9.
The primary impact of CVE-2025-15547 is the potential for a complete compromise of the FreeBSD host system. An attacker, already possessing privileged access within a jail (e.g., root within the jail), can leverage the nullfs mount vulnerability to escape the jail's confines. This escape grants them access to the host's entire filesystem, enabling them to read sensitive data, install malware, modify system configurations, and potentially pivot to other systems on the network. The blast radius extends to any data or services residing on the host system, making this a high-severity concern. This vulnerability is particularly concerning in environments utilizing jails for isolation and security.
CVE-2025-15547 was publicly disclosed on 2026-03-09. Exploitability depends on the allow.mount.nullfs option being enabled for the jail. There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists because the prerequisites (privileged access inside a jail that has allow.mount.nullfs enabled) are modest. It is not listed in the CISA KEV catalog at the time of writing.
Exploit status: EPSS 0.01% (2nd percentile)
The primary mitigation for CVE-2025-15547 is upgrading to FreeBSD p9 or later, which contains the fix. If an immediate upgrade is not feasible, disable the allow.mount.nullfs option in the jail configuration; this prevents nullfs mounts from inside the jail and removes the attack vector. Alternatively, restrict privileges within the jail so that users cannot mount filesystems at all. Monitor system logs for unexpected nullfs mount attempts originating from jails. After upgrading, verify the fix by attempting a nullfs mount from within a jail and confirming that the operation is denied.
Update your FreeBSD system to the latest available version. Specifically, update to version 13.5-RELEASE-p9 or later, or to version 14.3-RELEASE-p8 or later. This will correct the jail escape vulnerability via nullfs.
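An added audit helper for the mitigation above, written for this page and not taken from the advisory or from the FreeBSD project: it reads a jail.conf and reports which jails end up with allow.mount.nullfs enabled once global defaults and per-jail overrides are resolved. The jail.conf layout it parses, the bare-boolean and "nonullfs" spellings, and the embedded configuration are all assumptions or constructed samples.

```shell
#!/bin/sh
# Added audit script (not part of the advisory): list the jails in a
# jail.conf that end up with allow.mount.nullfs enabled, i.e. the jails
# exposed to CVE-2025-15547 until the host is patched.
#
# Assumptions: jail.conf(5) syntax with global parameters before the first
# "name { ... }" block and per-jail overrides inside blocks; a bare
# "allow.mount.nullfs;" means true and "allow.mount.nonullfs;" is the
# negated spelling. Nested blocks and variable substitution are ignored.

# Constructed sample configuration used to exercise the audit offline.
SAMPLE_CONF='# constructed example, not a real host
exec.clean;
allow.mount;
allow.mount.nullfs = 1;      # global default: every jail inherits this

www {
    path = "/jails/www";
    allow.mount.nullfs = 0;  # explicitly hardened
}

build {
    path = "/jails/build";   # inherits the global setting
}

ci {
    path = "/jails/ci";
    allow.mount.nullfs;      # bare boolean form, true
}'

# Read jail.conf text on stdin; print the names of exposed jails, sorted.
nullfs_exposed_jails() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        /^[ \t]*[A-Za-z0-9_.-]+[ \t]*\{/ {          # "name {" opens a jail block
            match($0, /[A-Za-z0-9_.-]+/)
            jail = substr($0, RSTART, RLENGTH); seen[jail] = 1; next
        }
        /^[ \t]*\}/ { jail = ""; next }             # "}" closes the block
        /allow\.mount\.nonullfs/ { record(0); next } # negated spelling
        /allow\.mount\.nullfs/ {
            val = 1                                 # bare parameter means true
            if (match($0, /=[ \t]*[A-Za-z0-9]+/)) {
                v = substr($0, RSTART + 1, RLENGTH - 1); gsub(/[ \t]/, "", v)
                val = (v == "1" || v == "true") ? 1 : 0
            }
            record(val)
        }
        function record(v) { if (jail == "") global = v; else per[jail] = v }
        END { for (j in seen) if ((j in per) ? per[j] : global) print j }
    ' | sort
}

# Demo on the constructed sample; on a live host use: nullfs_exposed_jails < /etc/jail.conf
printf '%s\n' "$SAMPLE_CONF" | nullfs_exposed_jails
```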
CVE-2025-15547 is a vulnerability in FreeBSD p9 that allows a privileged user within a jail to escape the jail's chroot and access the host filesystem by exploiting a flaw in the handling of nullfs mounts inside jails.
You are affected if you are running FreeBSD versions less than or equal to p9 and have the allow.mount.nullfs option enabled within your jails.
Upgrade to FreeBSD p9 or later. Alternatively, disable the allow.mount.nullfs option in your jail configuration or restrict user privileges within the jail.
There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists.
Refer to the official FreeBSD security advisories at https://security.freebsd.org/.