CVE-2025-1272
Published: 18 February 2026
Summary
CVE-2025-1272 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 7.7 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Kernel Modules and Extensions (T1547.006). The vulnerability ranks at the 0.4th percentile by exploit likelihood, far below the median, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: apply the vendor kernel update promptly. Red Hat's CVE page references errata RHSA-2025:6966; since RHSA errata cover Red Hat Enterprise Linux while the NVD description scopes this issue to Fedora Linux, Fedora hosts need the corresponding Fedora kernel update. The fix restores lockdown mode and removes the exposure.
- CM-6 (Configuration Settings): enforce kernel configuration that activates lockdown mode and restricts sensitive kernel access (kernel memory mappings, I/O ports, BPF, kprobes), directly countering the disabled-by-default condition.
- CM-14 (Signed Components): require signed kernel modules so that unsigned modules are refused, preventing execution of untrusted code and the resulting Secure Boot bypass.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
With lockdown disabled, a privileged local user can load unsigned kernel modules (T1547.006, Kernel Modules and Extensions). Doing so defeats the code-signing requirement that Secure Boot is meant to extend into the kernel (T1553.002, Code Signing) and neutralises a kernel security defence (T1562.001, Disable or Modify Tools).
NVD Description
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such as kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.
Deeper analysis
CVE-2025-1272 is a vulnerability in the Linux kernel's lockdown mode, affecting kernel versions 6.12 and above specifically on Fedora Linux. In these versions, lockdown mode is disabled without any warning to users, undermining intended security protections. This issue, classified under CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H) and was published on 2026-02-18.
A local attacker with high privileges (PR:H) can exploit this vulnerability, which requires low complexity and user interaction. Successful exploitation allows access to sensitive kernel information, including memory mappings, I/O ports, BPF programs, and kprobes. Additionally, attackers can load unsigned kernel modules, enabling execution of untrusted code and bypassing Secure Boot protections.
Red Hat's CVE page at https://access.redhat.com/security/cve/CVE-2025-1272 lists the related errata, including RHSA-2025:6966; because RHSA errata apply to Red Hat Enterprise Linux while the NVD description limits this issue to Fedora Linux, Fedora administrators should confirm the fix through the corresponding Fedora kernel update. The Red Hat Bugzilla report at https://bugzilla.redhat.com/show_bug.cgi?id=2345615 carries further technical detail. Administrators should apply the relevant kernel update promptly and then verify that lockdown mode is actually active on the running kernel, since the defect produces no warning.
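The verification step described above, together with the CM-14 and CM-6 settings from the mitigating-controls list, can be scripted. The following is an added audit example and not tooling from Fedora, Red Hat or NVD; it reads the standard kernel interfaces (/sys/kernel/security/lockdown, /proc/cmdline, /proc/sys/kernel/modules_disabled) and the mokutil Secure Boot query, and the sample strings in the comments are constructed. The verdict logic is an assumption of this example: Secure Boot enabled with lockdown reported as "none" is treated as the exposed state the advisory describes.

```shell
#!/bin/sh
# Added audit example for CVE-2025-1272 (not Fedora, Red Hat or NVD tooling).
# It answers two questions a practitioner asks on a Fedora 6.12+ host:
#   1. Is kernel lockdown actually active?      (/sys/kernel/security/lockdown)
#   2. Are the CM-14 / CM-6 style compensating settings in place?
#      (module.sig_enforce=1 on the command line, kernel.modules_disabled)
# Kernel interfaces are the standard ones; sample strings are constructed.

# Return the active lockdown mode from the securityfs file contents, which
# look like "none [integrity] confidentiality" (active mode in brackets).
# Prints "unknown" when no bracketed mode is present (file missing or empty).
lockdown_mode() {
    mode=$(printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p')
    if [ -n "$mode" ]; then echo "$mode"; else echo unknown; fi
}

# True when the kernel command line ($1, contents of /proc/cmdline) carries
# exactly the parameter in $2, e.g. module.sig_enforce=1.
cmdline_has() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Classify Secure Boot state ($1: enabled/disabled/unknown) against the
# lockdown mode ($2). Secure Boot on with lockdown "none" is the condition
# the advisory describes: firmware verified the kernel, but the kernel then
# accepts unsigned modules and exposes memory mappings, I/O ports, BPF, kprobes.
assess() {
    case "$1:$2" in
        enabled:none)                              echo VULNERABLE ;;
        enabled:integrity|enabled:confidentiality) echo OK ;;
        # Without Secure Boot, lockdown is not tied to a firmware trust chain.
        disabled:*)                                echo INFO ;;
        *)                                         echo UNKNOWN ;;
    esac
}

# Run the checks against the live system. Every read tolerates absence so
# the script also runs on non-EFI hosts or inside containers.
audit_live() {
    ld=unknown; sb=unknown; cl=''
    if [ -r /sys/kernel/security/lockdown ]; then
        ld=$(lockdown_mode "$(cat /sys/kernel/security/lockdown)")
    fi
    if command -v mokutil >/dev/null 2>&1; then
        # mokutil prints "SecureBoot enabled" / "SecureBoot disabled".
        case "$(mokutil --sb-state 2>/dev/null || true)" in
            *enabled*)  sb=enabled ;;
            *disabled*) sb=disabled ;;
        esac
    fi
    if [ -r /proc/cmdline ]; then cl=$(cat /proc/cmdline); fi
    echo "secure_boot=$sb lockdown=$ld verdict=$(assess "$sb" "$ld")"
    if cmdline_has "$cl" lockdown=integrity || cmdline_has "$cl" lockdown=confidentiality; then
        echo "lockdown= forced on the kernel command line (CM-6)"
    fi
    # On kernels built with CONFIG_MODULE_SIG, module.sig_enforce=1 rejects
    # unsigned modules even when lockdown itself is off.
    if cmdline_has "$cl" module.sig_enforce=1; then
        echo "module.sig_enforce=1 present: unsigned modules rejected regardless of lockdown (CM-14)"
    else
        echo "module.sig_enforce=1 absent: unsigned-module refusal depends on lockdown (CM-14 gap)"
    fi
    md='?'
    if [ -r /proc/sys/kernel/modules_disabled ]; then md=$(cat /proc/sys/kernel/modules_disabled); fi
    echo "kernel.modules_disabled=$md (CM-6; 1 blocks all further module loading until reboot)"
}

audit_live
```

Run it as root on the patched kernel and again on the previous kernel: a Fedora 6.12 host hit by this issue shows secure_boot=enabled with lockdown=none, while a fixed kernel reports integrity. Adding module.sig_enforce=1 to the boot parameters and setting kernel.modules_disabled=1 late in boot are the compensating settings to apply where the update cannot be deployed immediately.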
Details
- CWE(s)