CVE-2025-2515

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-2515

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2515.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-2515

Published

2025-12-24T17:15:47.293Z

Modified

2025-12-31T09:57:29.749855Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

References

Affected packages

Git / github.com/eclipse-bluechi/bluechi

Affected ranges

Type: GIT
Repo: https://github.com/eclipse-bluechi/bluechi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe0d28301ce2bd45f0b1d8a98a94efef799fbc73

Affected versions

v0.*

v0.1.0

v0.10.0

v0.2.0

v0.2.1

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2515.json"