CVE-2025-15576
Published Mar 9, 2026
Last updated 7 hours ago
- Description
- If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.
- Source
- secteam@freebsd.org
- NVD status
- Awaiting Analysis
- secteam@freebsd.org
- CWE-269
- Hype score
- Not currently trending
CVE-2025-15576 Jail Chroot Escape Vulnerability in FreeBSD 14.3 and 13.5 https://t.co/GgJTNM4uJn
@VulmonFeeds
9 Mar 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FreeBSD の脆弱性 CVE-2025-15576 が FIX:jail 環境からの完全な脱出を許す可能性 https://t.co/umdowmuqG6 FreeBSD の仮想化/分離機能である jail において、隔離された環境からホスト OS のファイルシステムへのアクセスが可
@iototsecnews
5 Mar 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent: Critical #FreeBSD vulnerability (CVE-2025-15576) allows jail escape and full system compromise. Administrators must patch immediately to secure systems. Link: https://t.co/vGpJJOHp68 #Security #Vulnerability #Patch #System #Admin #Exploit #Escape #Compromise #Urgent https
@dailytechonx
28 Feb 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FreeBSDに、隔離されたjail環境から攻撃者が脱出できてしまう重大な脆弱性(CVE-2025-15576)が発見されたようです。 FreeBSDの「jail」とは、プロセスを特定のディレクトリツリーに制限し、ホストシステムから隔
@omomuki_tech
27 Feb 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FreeBSD issues advisory on CVE-2025-15576, a critical jail escape bug that can crash entire systems and expose host filesystems. Admins should patch now via FreeBSD-SA-26:04.jail. #Vulnerability https://t.co/GKmjjGlh0X
@threatcluster
27 Feb 2026
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
FreeBSD sistemlerinde keşfedilen kritik CVE-2025-15576 zafiyeti, saldırganların izole edilmiş jail ortamlarından kaçarak tüm dosya sistemini ele geçirmesine neden oluyor. Geçici bir çözümü olmayan bu açık için acil yama gerekiyor. Haberin detayı: https://t.co/Vr
@KantanNewsX
27 Feb 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Severe vulnerability in FreeBSD. CVE-2025-15576. Exploitation enables full filesystem access for a jailed process, breaking the chroot. More info: https://t.co/KlzyZbAMTp #Patch #Patch #Patch
@CCBalert
26 Feb 2026
194 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
FreeBSDにJail (chroot)エスケープが可能な脆弱性。CVE-2025-15576は親子関係にない2つのJailがnullfsマウント経由で共有のディレクトリにアクセス可能な場合に、Jailのroot外のファイルディスクリプタを取得可能なもの
@__kokumoto
26 Feb 2026
717 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
FreeBSD patches a critical jail escape (CVE-2025-15576) and a kernel heap overflow (CVE-2026-3038). Learn how nullfs and routing sockets put hosts at risk. #FreeBSD #CyberSecurity #JailEscape #InfoSec #KernelSecurity #Vulnerability #SysAdmin #OpenSource https://t.co/vLTgtaQw1t
@the_yellow_fall
26 Feb 2026
250 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
multiple jail escapes in freebsd in the past month -neither of which being flagged in your favorite scanners - CVE-2025-15576 , CVE-2025-15547 If you stronger isolation - you need unikernels. https://t.co/8UMDkVw8WN
@nanovms
24 Feb 2026
157 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes