CVE-2025-9615 – This CVE describes an improper preservation of ... (How to Fix)

Q: What is the severity of CVE-2025-9615?

CVE-2025-9615 has a CVSS score of 3.3 (LOW). This CVE describes an improper preservation of permissions vulnerability in NetworkManager where the daemon running with root privileges can access files belonging to other users when non-root users configure network connections. This affects Linux systems using NetworkManager for network configuration. The vulnerability could allow unauthorized file access but requires local user access to exploit.

📋 TL;DR

This CVE describes an improper preservation of permissions vulnerability in NetworkManager where the daemon running with root privileges can access files belonging to other users when non-root users configure network connections. This affects Linux systems using NetworkManager for network configuration. The vulnerability could allow unauthorized file access but requires local user access to exploit.

💻 Affected Systems

Products:

NetworkManager

Versions: Specific affected versions not specified in provided references, but likely multiple recent versions before fixes

Operating Systems: Linux distributions using NetworkManager (RHEL, Fedora, Ubuntu, Debian, etc.)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where NetworkManager is used for network configuration and non-root users are allowed to configure network connections.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

A local attacker could potentially read sensitive files belonging to other users, including configuration files, credentials, or other protected data, leading to information disclosure or privilege escalation.

🟠

Likely Case

Limited information disclosure where a local user can access some files belonging to other users, but the impact is constrained by existing file permissions and system configuration.

🟢

If Mitigated

Minimal impact if proper file permissions are already in place and users follow principle of least privilege for sensitive files.

🌐 Internet-Facing: LOW - This vulnerability requires local access to exploit and cannot be triggered remotely.

🏢 Internal Only: MEDIUM - Local users on affected systems could potentially access files belonging to other users, but exploitation requires specific conditions and user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of specific file paths. The attacker needs to be able to configure network connections through NetworkManager.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor-specific patches (refer to merge requests 2324 and 2327 for upstream fixes)

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2025-9615

Restart Required: Yes

Instructions:

1. Check your distribution's security advisories. 2. Update NetworkManager package using your package manager (yum update NetworkManager, apt upgrade network-manager, etc.). 3. Restart NetworkManager service (systemctl restart NetworkManager). 4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict network configuration permissions

linux

Limit which users can configure network connections through NetworkManager

# Review and modify NetworkManager permissions in /etc/NetworkManager/NetworkManager.conf
# Consider using polkit rules to restrict network configuration

Implement strict file permissions

linux

Ensure sensitive files have proper permissions to limit exposure

# Review file permissions for sensitive files: ls -la /path/to/sensitive/files
# Set appropriate permissions: chmod 600 sensitive_file
# Consider using access control lists for additional protection

🧯 If You Can't Patch

Restrict local user access to systems running vulnerable NetworkManager versions
Implement strict file system permissions and regularly audit file ownership and permissions

🔍 How to Verify

Check if Vulnerable:

Check NetworkManager version and compare against patched versions from your distribution's security advisory

Check Version:

nmcli --version or rpm -q NetworkManager or dpkg -l network-manager

Verify Fix Applied:

Verify NetworkManager package version matches or exceeds patched version from vendor advisory, then test network configuration functionality

📡 Detection & Monitoring

Log Indicators:

Unusual network configuration changes by non-privileged users in NetworkManager logs
Failed file access attempts in system logs

Network Indicators:

No network-based indicators as this is a local vulnerability

SIEM Query:

Search for NetworkManager configuration changes by non-root users or unusual file access patterns from NetworkManager process

📊 Metadata

CVE ID: CVE-2025-9615

CVSS v3 Score: 3.3 (LOW)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-281

EPSS Score: 0.01% exploit probability (0.2th percentile)

Published: January 26, 2026

Last Updated: January 27, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9615, you might also want to check these: