{"id":"RLSA-2026:18597","summary":"Low: NetworkManager security update","details":"NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es):\n\n* networkmanagr: NetworkManager File Access (CVE-2025-9615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9 Release Notes linked from the References section.","modified":"2026-05-28T16:00:18.667104789Z","published":"2026-05-28T15:43:06.024531Z","upstream":["CVE-2025-9615"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:18597"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391503"}],"affected":[{"package":{"name":"NetworkManager","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/NetworkManager?distro=rocky-linux-9&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.54.3-2.el9"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:18597.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}