Privilege Escalation Vulnerability in BlueChi Systemd Service Controller
CVE-2025-2515
7.2 HIGH
What is CVE-2025-2515?
A flaw in BlueChi, a multi-node systemd service controller used in RHIVOS, allows users with root privileges on a managed node to create or overwrite systemd service unit files. This vulnerability poses significant risks, including unauthorized execution of services, and could potentially lead to compromises within the host system. Administrators should be aware of this flaw and take the necessary precautions to mitigate potential threats.
Affected Version(s)
BlueChi 0 < 1.0.0
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Thibault Guittet (RedHat) and Todd Cullum (RedHat) for reporting this issue.
