Arbitrary Code Execution Vulnerability in libnbd by Red Hat
CVE-2025-14946

4.8MEDIUM

Key Information:

Vendor

Red Hat
Status
Libnbd
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
19 December 2025

What is CVE-2025-14946?

A security flaw observed in libnbd could allow a malicious actor to exploit the software by persuading it to open a specially crafted Uniform Resource Identifier (URI). This vulnerability is particularly concerning as it involves non-standard hostnames that begin with '-o', which are mistakenly processed as arguments for the Secure Shell (SSH) process instead of legitimate hostnames. If exploited, this can result in the execution of arbitrary code with the same privileges as the user running the libnbd process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

libnbd 1.22.0 < 1.22.5

libnbd 1.23.0 < 1.23.9

References

https://access.redhat.com/security/cve/CVE-2025-14946
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2423789
issue-trackingx_refsource_REDHAT
https://libguestfs.org/libnbd-release-notes-1.24.1.html#S...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.