CVE-2025-2312

MEDIUM Year: 2025
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-488
View all →

Vulnerability Description

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Related Vulnerabilities

CVE-2024-7049

MEDIUM
CVSS:5.4(Medium)

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation...

CWE-4882024

CVE-2024-11094

MEDIUM
CVSS:5.3(Medium)

The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated a...

CWE-4882024

CVE-2025-27606

MEDIUM
CVSS:5.1(Medium)

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than th...

CWE-4882025

CVE-2024-1223

MEDIUM
CVSS:4.8(Medium)

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, de...

CWE-4882024

CVE-2023-6519

HIGH
CVSS:7.5(High)

Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7.

CWE-4882023

CVE-2024-5148

HIGH
CVSS:7.5(High)

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client conn...

CWE-4882024