CVE-2025-15576
Published: 09 March 2026
Summary
CVE-2025-15576 is a high-severity Improper Privilege Management (CWE-269) vulnerability in FreeBSD. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SC-4 (Information in Shared System Resources).
Deeper analysis
CVE-2025-15576 is a jail isolation bypass vulnerability in the FreeBSD kernel's jail subsystem. It affects configurations where two sibling jails are restricted to separate filesystem trees (neither jail root directory is an ancestor of the other) but a shared directory is accessible to both via a nullfs mount. In such setups, jailed processes can exchange directory file descriptors over a unix domain socket connection. During filesystem name lookups, the kernel does not verify that a directory reached through a received descriptor lies within the current process's jail root, which enables access to paths outside the jail's chroot boundary.
Exploitation requires local access (AV:L), low privileges (PR:L) and high attack complexity (AC:H): it typically involves cooperating processes in the two sibling jails establishing a unix domain socket connection and passing directory descriptors over it. Successful exploitation grants the jailed process full filesystem access, so the confidentiality (C:H) and integrity (I:H) impacts are high and the scope changes (S:C), with no availability impact (A:N); the CVSS 3.1 vector is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N, scoring 7.5. The vulnerability is linked to CWE-269 (Improper Privilege Management), CWE-488 (Exposure of Data Element to Wrong Session), and CWE-790 (Incomplete Filtering of File Descriptors).
The FreeBSD Security Advisory at https://security.freebsd.org/advisories/FreeBSD-SA-26:04.jail.asc describes the issue and provides patches. Even on a patched kernel, administrators must ensure that unprivileged users on the jail host cannot pass directory descriptors to jailed processes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208409
Vulnerability details
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a descriptor for a directory that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.
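As an added example (not from the advisory or the FreeBSD project), the following Python script audits a jail host for the precondition described above: two sibling jails that can both reach the same host directory through nullfs mounts. The jail roots and `mount` output lines below are constructed sample data; on a real host they would come from `jls -h name path` and `mount -t nullfs`.

```python
"""Audit a jail host for the CVE-2025-15576 precondition: sibling jails that both
reach one host directory via nullfs (added example; not FreeBSD project code)."""
import os
import re
from itertools import combinations

# Constructed sample data standing in for `jls -h name path` and `mount -t nullfs`.
JAILS = {"web": "/jails/web", "db": "/jails/db", "nested": "/jails/web/inner"}
MOUNT_LINES = """\
/shared/pkgs on /jails/web/usr/local/pkgs (nullfs, local, read-only)
/shared/pkgs on /jails/db/usr/local/pkgs (nullfs, local)
/jails/web/var/log on /jails/db/mnt/weblogs (nullfs, local)
"""
MOUNT_RE = re.compile(r"^(\S+) on (\S+) \(([^)]*)\)$")

def within(path, root):
    """True if path equals root or lies beneath it (component-aware prefix test)."""
    path, root = os.path.normpath(path), os.path.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def parse_nullfs_mounts(text):
    """Return (source, mountpoint) pairs for the nullfs lines of `mount` output."""
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m and "nullfs" in m.group(3).split(", "):
            mounts.append((m.group(1), m.group(2)))
    return mounts

def exposed_dirs(root, mounts):
    """Host directories a jail can reach: its root plus the source of every
    nullfs mount whose mountpoint sits inside that root."""
    return [root] + [src for src, mnt in mounts if within(mnt, root)]

def shared_between_siblings(jails, mounts):
    """For each sibling pair (neither root inside the other), list the host
    directories reachable from both jails, i.e. the advisory's precondition."""
    findings = []
    for (a, ra), (b, rb) in combinations(sorted(jails.items()), 2):
        if within(ra, rb) or within(rb, ra):
            continue  # nested jails are outside the advisory's scenario
        for dir_a in exposed_dirs(ra, mounts):
            for dir_b in exposed_dirs(rb, mounts):
                if within(dir_a, dir_b) or within(dir_b, dir_a):
                    findings.append((a, b, dir_a if within(dir_a, dir_b) else dir_b))
    return findings

if __name__ == "__main__":
    for a, b, d in shared_between_siblings(JAILS, parse_nullfs_mounts(MOUNT_LINES)):
        print(f"sibling jails {a} and {b} both reach {d}")
```

A hit means the two jails share a directory a socket or descriptor could travel through, so the host needs the advisory's patch and a review of who may pass descriptors into those jails.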
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A jail isolation bypass via a kernel descriptor-validation flaw directly enables a container-like escape (T1611) and local privilege escalation (T1068) to full host filesystem access.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): timely application of the FreeBSD kernel patch directly corrects the filesystem name lookup validation failure for directory descriptors exchanged between jails.
- SC-4 (Information in Shared System Resources): prevents unauthorized transfer of directory file descriptors between sibling jails via shared system resources such as nullfs mounts and unix domain sockets.
- SC-39 (Process Isolation): enforces process isolation to block cooperating jailed processes from bypassing chroot boundaries through descriptor exchange over unix domain sockets.