CVE-2025-15547
Published Mar 9, 2026
Last updated 7 hours ago
- Description
- By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail. In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.
- Source
- secteam@freebsd.org
- NVD status
- Awaiting Analysis
- secteam@freebsd.org
- CWE-269
- Hype score
- Not currently trending
CVE-2025-15547 Jail Escape Vulnerability in FreeBSD via NullFS Mount Path Lookup Logic https://t.co/FSgA3ILuri
@VulmonFeeds
9 Mar 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The severity is increased for this new vulnerability affecting FreeBSD (CVE-2025-15547) https://t.co/EPDgDaNNQh
@vuldb
9 Mar 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
multiple jail escapes in freebsd in the past month -neither of which being flagged in your favorite scanners - CVE-2025-15576 , CVE-2025-15547 If you stronger isolation - you need unikernels. https://t.co/8UMDkVw8WN
@nanovms
24 Feb 2026
157 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes