Cyber Resilience

CVE-2025-1272

Severity: High
Published: 18 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: available (RHSA-2025:6966)
CVSS v3.1 score: 7.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0023 (13.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-1272 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Kernel Modules and Extensions (T1547.006). The CVE ranks at the 13.9th percentile by exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-1272 is a vulnerability in the Linux kernel's lockdown mode, affecting kernel versions 6.12 and above specifically on Fedora Linux. In these versions, lockdown mode is disabled without any warning to users, undermining intended security protections. This issue, classified under CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H) and was published on 2026-02-18.

A local attacker with high privileges (PR:H) can exploit this vulnerability; the attack complexity is low (AC:L) but user interaction is required (UI:R), and the impact crosses the scope boundary (S:C). Successful exploitation allows access to sensitive kernel information, including memory mappings, I/O ports, BPF programs, and kprobes. Additionally, attackers can load unsigned kernel modules, enabling execution of untrusted code and bypassing Secure Boot protections.

Red Hat advisories provide mitigation details, including errata RHSA-2025:6966, which addresses the issue for affected Fedora systems. Further technical details are available in the CVE security advisory at https://access.redhat.com/security/cve/CVE-2025-1272 and the Red Hat Bugzilla report at https://bugzilla.redhat.com/show_bug.cgi?id=2345615. Administrators should apply the relevant patches promptly to re-enable proper lockdown functionality.
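Because the defect is that lockdown is silently off, the practical check is to read the kernel's own state rather than trust the kernel version. The POSIX shell audit below is an added example (not part of this record or of Red Hat's advisory); it reads the standard securityfs lockdown file and the module signature enforcement parameter, and the sample strings in its comments are constructed.

```shell
#!/bin/sh
# Added defender-side check (not from the advisory): report whether kernel
# lockdown is actually active on this host and whether unsigned modules are
# rejected. Standard kernel interfaces used:
#   /sys/kernel/security/lockdown               e.g. "none [integrity] confidentiality"
#   /sys/module/module/parameters/sig_enforce   "Y" or "N"

# Print the bracketed (active) mode from a lockdown file's contents, or
# "unknown" if no mode is bracketed. Inputs in the tests are constructed.
lockdown_mode() {
    mode=$(printf '%s' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p')
    if [ -n "$mode" ]; then printf '%s' "$mode"; else printf 'unknown'; fi
}

# Return 0 when lockdown is integrity or confidentiality, 1 otherwise.
# "none" (or an unreadable file) is the state CVE-2025-1272 leaves a host in.
lockdown_active() {
    case "$(lockdown_mode "$1")" in
        integrity|confidentiality) return 0 ;;
        *) return 1 ;;
    esac
}

# Live audit of the running kernel; missing files are treated as "off".
# sig_enforce is reported separately: it only covers module signing, not the
# memory, I/O port, BPF and kprobe restrictions that lockdown provides.
audit_host() {
    ld=$(cat /sys/kernel/security/lockdown 2>/dev/null || echo '[none]')
    se=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || echo N)
    kv=$(uname -r 2>/dev/null || echo unknown)
    if lockdown_active "$ld"; then
        echo "OK: kernel $kv lockdown=$(lockdown_mode "$ld") sig_enforce=$se"
    else
        echo "WARN: kernel $kv lockdown=$(lockdown_mode "$ld") sig_enforce=$se"
        echo "      lockdown is off; check for CVE-2025-1272 and apply RHSA-2025:6966"
    fi
}

audit_host
```

Run it as root on a Fedora host after patching; a WARN line with lockdown=none on a Secure Boot system indicates the unpatched behaviour described above.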

Vulnerability details

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such as kernel memory mappings, I/O ports, BPF and kprobes. Additionally, unsigned modules can be loaded, leading to execution of untrusted code breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1547.006 Kernel Modules and Extensions (Persistence): Adversaries may modify the kernel to automatically execute programs on system boot.

T1553.002 Code Signing (Defense Impairment): Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.

T1685 Disable or Modify Tools (Defense Impairment): Adversaries may disable, degrade, or tamper with security tools or applications (e.

Why these techniques?

Directly disables kernel lockdown, enabling unsigned module loading (T1547.006), code signing bypass for Secure Boot (T1553.002), and impairment of kernel security defenses (T1562.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-8053 (shared CWE-306)
CVE-2026-39987 (shared CWE-306)
CVE-2026-25775 (shared CWE-306)
CVE-2024-23943 (shared CWE-306)
CVE-2019-25236 (shared CWE-306)
CVE-2022-50978 (shared CWE-306)
CVE-2025-9254 (shared CWE-306)
CVE-2025-40771 (shared CWE-306)
CVE-2024-13185 (shared CWE-306)
CVE-2026-24790 (shared CWE-306)

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the vulnerability by requiring timely patching, such as RHSA-2025:6966, to re-enable kernel lockdown mode and prevent exploitation.

Prevent (CM-6 Configuration Settings): Ensures kernel configuration settings enforce lockdown mode activation and restrictions on sensitive kernel access, directly countering the disabled-by-default issue.

Prevent (CM-14 Signed Components): Requires signed kernel modules to block loading of unsigned modules, preventing execution of untrusted code and Secure Boot bypass.
