Cyber Resilience

CVE-2025-21863

HighUpdated

Published: 12 March 2025

Published
12 March 2025
Modified
01 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21863 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21863 is a vulnerability in the Linux kernel's io_uring subsystem that enables opcode speculation. The issue arises because the sqe->opcode field is used across different tables without sanitization against speculative execution, potentially allowing unintended behavior during processor speculation.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation leads to high impacts on confidentiality, integrity, and availability, as reflected in the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Mitigation is provided through stable kernel patches, including commits 1e988c3fe1264708f4f92109203ac5b1d65de50b, 506b9b5e8c2d2a411ea8fe361333f5081c56d23a, b9826e3b26ec031e9063f64a7c735449c43955e4, and fdbfd52bd8b85ed6783365ff54c82ab7067bd61b available on git.kernel.org. Security practitioners should update affected Linux kernel versions to incorporate these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel vulnerability in io_uring enabling speculative execution of unsanitized opcodes allows low-privileged attackers to achieve high-impact effects on confidentiality, integrity, and availability, directly facilitating privilege escalation to root.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.14 · 5.6 — 6.6.80 · 6.7 — 6.12.17 · 6.13 — 6.13.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-21863 by identifying, reporting, and applying the specified Linux kernel patches that sanitize sqe->opcode against speculative execution.

prevent

Requires validation of sqe->opcode inputs to the io_uring subsystem, preventing speculative execution of unsanitized opcodes leading to unintended behavior.

prevent

Provides memory protections such as data execution prevention and address space randomization that reduce the impact of speculative execution vulnerabilities like opcode speculation in io_uring.

References