CVE-2024-25940

CVE-2024-25940 is a medium-severity vulnerability in Freebsd with a CVSS 3.x base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-922.

Key facts

Description

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

Frequently asked questions

What is CVE-2024-25940?
`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.
How severe is CVE-2024-25940?
CVE-2024-25940 has a CVSS 3.x base score of 6.3, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
Is CVE-2024-25940 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (40th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-25940?
CVE-2024-25940 primarily affects Freebsd. In total, 17 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2024-25940?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-25940 have an EU (EUVD) identifier?
Yes. CVE-2024-25940 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-23242.
When was CVE-2024-25940 published?
CVE-2024-25940 was published on 2024-02-15 and last updated on 2026-06-17.

References

Affected products (17)

More vulnerabilities in Freebsd

All CVEs affecting Freebsd →

Other CWE-922 vulnerabilities

Browse all CWE-922 vulnerabilities →