{"id":"AZL-59273","summary":"CVE-2025-2312 affecting package cifs-utils for versions less than 6.14-3","details":"A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.","modified":"2026-04-01T05:19:51.357913Z","published":"2025-03-25T18:15:34Z","upstream":["CVE-2025-2312"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2312"}],"affected":[{"package":{"name":"cifs-utils","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/cifs-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.14-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59273.json"}}],"schema_version":"1.7.5"}