Bug 2391503 (CVE-2025-9615)

Summary: CVE-2025-9615 NetworkManager: NetworkManager File Access
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2025-12-12   

Description OSIDB Bzimport 2025-08-28 16:04:19 UTC
A flaw was found in NetworkManager. NetworkManager package allows access files that may belong to other users. NetworkManager allows non-root users to configure the network on the system. The daemon runs as root and, as such, is able to access files that are owned by users different from the one who added the connection.

Comment 2 errata-xmlrpc 2026-05-19 08:37:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:18142 https://access.redhat.com/errata/RHSA-2026:18142

Comment 3 errata-xmlrpc 2026-05-19 12:51:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:18597 https://access.redhat.com/errata/RHSA-2026:18597