CVE-2025-2515

HIGH(7.2)

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Risk Signal Score18/100 — NIEDRIG

CVSS 7.2 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.2

Technische Schwere

Beschreibung

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

Referenzen

https://access.redhat.com/security/cve/CVE-2025-2515
https://bugzilla.redhat.com/show_bug.cgi?id=2353313
https://github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94ef...
https://github.com/eclipse-bluechi/bluechi/issues/1069
https://github.com/eclipse-bluechi/bluechi/pull/1073