{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T08:47:01.869","vulnerabilities":[{"cve":{"id":"CVE-2025-15547","sourceIdentifier":"secteam@freebsd.org","published":"2026-03-09T12:16:11.403","lastModified":"2026-03-17T15:55:08.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"By default, jailed processes cannot mount filesystems, including nullfs(4).  However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks.\n\nIf a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail.\n\nIn a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root."},{"lang":"es","value":"Por defecto, los procesos enjaulados no pueden montar sistemas de archivos, incluyendo nullfs(4). Sin embargo, la opción allow.mount.nullfs permite montar sistemas de archivos nullfs, sujeto a comprobaciones de privilegios.\n\nSi un usuario privilegiado dentro de una jaula es capaz de montar directorios con nullfs, una limitación de la lógica de búsqueda de rutas del kernel permite a ese usuario escapar del chroot de la jaula, lo que otorga acceso al sistema de archivos completo del anfitrión o de la jaula padre.\n\nEn una jaula configurada para permitir montajes de nullfs(4) desde dentro de la jaula, el usuario root enjaulado puede escapar de la raíz del sistema de archivos de la jaula."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:-:*:*:*:*:*:*","matchCriteriaId":"947F561E-AD65-43B9-94C1-3109A3D35248"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p1:*:*:*:*:*:*","matchCriteriaId":"3D1987F1-1E08-4B28-8D16-D25A091D99ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p2:*:*:*:*:*:*","matchCriteriaId":"BEC1E8A0-0402-45F1-938D-FEFDCFC3E747"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p3:*:*:*:*:*:*","matchCriteriaId":"D94457D6-738F-4ABB-BD46-F2B621531FE2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p4:*:*:*:*:*:*","matchCriteriaId":"8C38CB56-B80C-4D1B-9267-16E8F985B170"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p5:*:*:*:*:*:*","matchCriteriaId":"13DF1E38-5E8D-42FF-A4C5-092300864F3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p6:*:*:*:*:*:*","matchCriteriaId":"83A86F81-0965-4600-835A-496756137998"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p7:*:*:*:*:*:*","matchCriteriaId":"987E31A4-7E21-471E-A3EA-4E53FFDB3DFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p8:*:*:*:*:*:*","matchCriteriaId":"9FBFE8B3-DC7C-4394-B062-C40E201EC059"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:02.jail.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}}]}