Plataforma
freebsd
Corrigido em
p8
p9
CVE-2025-15547 describes a jail escape vulnerability affecting FreeBSD. This flaw allows a privileged user within a jail, if nullfs mounting is enabled, to bypass the jail's chroot restrictions and access the host filesystem. The vulnerability impacts FreeBSD versions less than or equal to p9, and a fix is available in FreeBSD p9.
The primary impact of CVE-2025-15547 is the potential for a complete compromise of the FreeBSD host system. An attacker, already possessing privileged access within a jail (e.g., root within the jail), can leverage the nullfs mount vulnerability to escape the jail's confines. This escape grants them access to the host's entire filesystem, enabling them to read sensitive data, install malware, modify system configurations, and potentially pivot to other systems on the network. The blast radius extends to any data or services residing on the host system, making this a high-severity concern. This vulnerability is particularly concerning in environments utilizing jails for isolation and security.
CVE-2025-15547 was publicly disclosed on 2026-03-09. The vulnerability's exploitability depends on the allow.mount.nullfs option being enabled within the jail. There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists given the ease of exploiting nullfs vulnerabilities. It is not listed on the CISA KEV catalog at the time of writing.
Systems utilizing FreeBSD jails for application isolation, particularly those with privileged users within the jails and the allow.mount.nullfs option enabled, are at significant risk. Shared hosting environments where multiple users share a FreeBSD host and utilize jails are also particularly vulnerable.
• freebsd / server:
# Check for allow.mount.nullfs enabled in jail configuration
cat /etc/jail.conf | grep allow.mount.nullfs• freebsd / server:
# Monitor system logs for nullfs mount attempts
journalctl -u jaild | grep nullfs• freebsd / server:
# Check for suspicious processes with access to the host filesystem
ps auxww | grep -i nullfsdisclosure
Status do Exploit
EPSS
0.01% (percentil 2%)
The primary mitigation for CVE-2025-15547 is upgrading to FreeBSD p9 or later, which contains the fix. If an immediate upgrade is not feasible, consider disabling the allow.mount.nullfs option within the jail configuration. This will prevent nullfs mounts, effectively eliminating the attack vector. Alternatively, restrict the user's privileges within the jail to prevent them from mounting filesystems. Monitor system logs for suspicious nullfs mount attempts. After upgrading, verify the fix by attempting a nullfs mount from within a jail and confirming that the operation is denied.
Atualize seu sistema FreeBSD para a última versão disponível. Especificamente, atualize para a versão 13.5-RELEASE-p9 ou posterior, ou para a versão 14.3-RELEASE-p8 ou posterior. Isso corrigirá a vulnerabilidade de escape de jail através de nullfs.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-15547 is a vulnerability in FreeBSD p9 that allows a privileged user within a jail to escape the jail's chroot and access the host filesystem by exploiting a nullfs mount limitation.
You are affected if you are running FreeBSD versions less than or equal to p9 and have the allow.mount.nullfs option enabled within your jails.
Upgrade to FreeBSD p9 or later. Alternatively, disable the allow.mount.nullfs option in your jail configuration or restrict user privileges within the jail.
There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation exists.
Refer to the official FreeBSD security advisories at https://security.freebsd.org/.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.