CVE-2025-2515

Published: Dec 24, 2025Modified: Dec 29, 2025

7.2

Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 6.0

Source: secalert@redhat.com

Description

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (5)

https://access.redhat.com/security/cve/CVE-2025-2515

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2353313

Source: secalert@redhat.com

https://github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94efef799fbc73#diff-64140c83db42a8888f346a40de293b80f79ebf7d75ce4137b22567e360bce607

Source: secalert@redhat.com

https://github.com/eclipse-bluechi/bluechi/issues/1069

Source: secalert@redhat.com

https://github.com/eclipse-bluechi/bluechi/pull/1073

Source: secalert@redhat.com

Timeline

No history available yet.