Vulnerability in Udisks Daemon Affects Red Hat Products
CVE-2025-8067
8.5 HIGH
What is CVE-2025-8067?
A security flaw discovered in the Udisks daemon allows unprivileged users to create loop devices via the D-Bus interface. The vulnerability arises because the daemon fails to properly validate the lower bounds of the index parameter, enabling potential access to privileged files or causing the service to crash. This issue emphasizes the need for stringent input validation mechanisms to safeguard against unauthorized access and privilege escalation.
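The bug class named above, a signed index checked only against its upper bound, is shown below next to a check of both bounds. This is an added example, not code from Udisks or Red Hat; `handle_list`, `accepts_upper_only`, `accepts_both_bounds`, `get_handle` and the sample data are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a list of handles attached to a client request. */
struct handle_list {
    const int *handles;
    size_t count;
};

static const int SAMPLE_HANDLES[] = { 10, 11, 12 };   /* constructed data */
static const struct handle_list sample_list = { SAMPLE_HANDLES, 3 };

/* Flawed pattern: only the upper bound of the signed index is tested,
 * so every negative value is accepted. Returns 1 when the check passes. */
int accepts_upper_only(const struct handle_list *l, int index)
{
    return index < (int)l->count;
}

/* Hardened check: reject negatives first, then compare as unsigned. */
int accepts_both_bounds(const struct handle_list *l, int index)
{
    return index >= 0 && (size_t)index < l->count;
}

/* Lookup using the hardened check: 0 on success, -1 on rejection. */
int get_handle(const struct handle_list *l, int index, int *out)
{
    if (l == NULL || out == NULL || !accepts_both_bounds(l, index))
        return -1;
    *out = l->handles[index];
    return 0;
}

int main(void)
{
    const int probes[] = { -1, 0, 2, 3 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int h = 0;
        int rc = get_handle(&sample_list, probes[i], &h);
        printf("index %2d: upper-only=%d both-bounds=%d lookup=%s\n",
               probes[i],
               accepts_upper_only(&sample_list, probes[i]),
               accepts_both_bounds(&sample_list, probes[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```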
CVSS V3.1
Score: 8.5
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Michael Imfeld (born0monday) for reporting this issue.