{"id":"CVE-2025-2312","details":"A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.","modified":"2026-04-16T04:38:29.436076714Z","published":"2025-03-25T18:15:34.987Z","related":["SUSE-SU-2025:01614-1","SUSE-SU-2025:01620-1","SUSE-SU-2025:01640-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:1381-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1"],"references":[{"type":"WEB","url":"https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174"},{"type":"WEB","url":"https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2312.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}