Plateforme
freebsd
Corrigé dans
p8
p9
CVE-2025-15547 describes a jail escape vulnerability affecting FreeBSD. This flaw allows a privileged user within a jail, if nullfs mounting is enabled, to bypass the jail's chroot restrictions and access the host filesystem. The vulnerability impacts FreeBSD versions less than or equal to p9, and a fix is available in FreeBSD p9.
The primary impact of CVE-2025-15547 is the potential for a complete compromise of the FreeBSD host system. An attacker, already possessing privileged access within a jail (e.g., root within the jail), can leverage the nullfs mount vulnerability to escape the jail's confines. This escape grants them access to the host's entire filesystem, enabling them to read sensitive data, install malware, modify system configurations, and potentially pivot to other systems on the network. The blast radius extends to any data or services residing on the host system, making this a high-severity concern. This vulnerability is particularly concerning in environments utilizing jails for isolation and security.
CVE-2025-15547 was publicly disclosed on 2026-03-09. The vulnerability's exploitability depends on the allow.mount.nullfs option being enabled within the jail. There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists given the ease of exploiting nullfs vulnerabilities. It is not listed on the CISA KEV catalog at the time of writing.
Systems utilizing FreeBSD jails for application isolation, particularly those with privileged users within the jails and the allow.mount.nullfs option enabled, are at significant risk. Shared hosting environments where multiple users share a FreeBSD host and utilize jails are also particularly vulnerable.
• freebsd / server:
# Check for allow.mount.nullfs enabled in jail configuration
cat /etc/jail.conf | grep allow.mount.nullfs• freebsd / server:
# Monitor system logs for nullfs mount attempts
journalctl -u jaild | grep nullfs• freebsd / server:
# Check for suspicious processes with access to the host filesystem
ps auxww | grep -i nullfsdisclosure
Statut de l'Exploit
EPSS
0.01% (percentile 2%)
The primary mitigation for CVE-2025-15547 is upgrading to FreeBSD p9 or later, which contains the fix. If an immediate upgrade is not feasible, consider disabling the allow.mount.nullfs option within the jail configuration. This will prevent nullfs mounts, effectively eliminating the attack vector. Alternatively, restrict the user's privileges within the jail to prevent them from mounting filesystems. Monitor system logs for suspicious nullfs mount attempts. After upgrading, verify the fix by attempting a nullfs mount from within a jail and confirming that the operation is denied.
Mettez à jour votre système FreeBSD vers la dernière version disponible. Plus précisément, mettez à jour vers la version 13.5-RELEASE-p9 ou ultérieure, ou vers la version 14.3-RELEASE-p8 ou ultérieure. Cela corrigera la vulnérabilité d'échappement de jail via nullfs.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-15547 is a vulnerability in FreeBSD p9 that allows a privileged user within a jail to escape the jail's chroot and access the host filesystem by exploiting a nullfs mount limitation.
You are affected if you are running FreeBSD versions less than or equal to p9 and have the allow.mount.nullfs option enabled within your jails.
Upgrade to FreeBSD p9 or later. Alternatively, disable the allow.mount.nullfs option in your jail configuration or restrict user privileges within the jail.
There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists.
Refer to the official FreeBSD security advisories at https://security.freebsd.org/.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.