CVE-2025-9615
3.3 LOWA flaw was found in NetworkManager
Published: 2026-01-26 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 3.3 LOW
- Vector
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-281
Description
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-9615
- [Other]https://access.redhat.com/errata/RHSA-2026:18142
- [Other]https://access.redhat.com/errata/RHSA-2026:18597
- [Other]https://access.redhat.com/security/cve/CVE-2025-9615
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=2391503
- [Other]https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809
- [Other]https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324
- [Other]https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2327
Related CVEs
Same CWE
- CVE-2024-47270 — Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 an... (2.7 LOW)
- CVE-2026-44832 — Snipe-IT is an IT asset/license management system (8.8 HIGH)
- CVE-2026-24194 — NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission han... (7.8 HIGH)
- CVE-2026-34744 — Mantis Bug Tracker (MantisBT) is an open source issue tracker
- CVE-2026-34600 — Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks (5.7 MEDIUM)