What is CVE-2025-71292?

A medium-severity vulnerability has been identified in the Linux kernel, specifically concerning the jfs: nlink overflow in jfs_rename function. Organizations should prioritize remediation due to potential availability impacts.

What is the severity of CVE-2025-71292?

CVE-2025-71292 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2025-71292 | Medium Vulnerability in Linux Kernel

In the Linux kernel, a vulnerability has been resolved concerning the jfs: nlink overflow in the jfs_rename function. This vulnerability arises when the nlink for a directory is maximal (-1). If a rename operation is performed within that directory on a child directory, the nlink is incremented and then decremented. While this operation is typically harmless, when nlink equals -1, it results in a wrap-around to 0, triggering a warning from drop_nlink. After applying the patch, syzbot no longer issues warnings, and basic filesystem tests showed no regressions.

The severity of this vulnerability is classified as medium, with a CVSS score of 5.5. This score indicates a moderate level of risk, as the vulnerability can impact the availability of the system without requiring high privileges or user interaction. Organizations utilizing affected versions of the Linux kernel must take this issue seriously and prioritize patching to avoid potential disruptions.

The attack vector for this vulnerability is local, and the attack complexity is low, meaning that an attacker with low privileges can exploit this flaw without needing user interaction. Given the implications for availability, organizations should address this vulnerability promptly.

Organizations should prioritize patching immediately.

Vulnerability Details

The official description of this vulnerability indicates that it affects the Linux kernel, specifically the jfs: nlink overflow in jfs_rename. The CVSS score of 5.5 reflects a medium severity level, as it poses a potential risk to the availability of systems running affected versions. The vulnerability was published on May 6, 2026, and is classified as analyzed.

Technical Analysis

The root cause of this vulnerability is an overflow condition in the jfs_rename function. When nlink reaches its maximum value of -1, subsequent operations can cause issues due to the wrap-around effect. The attack vector is local, requiring low privileges to exploit. The attack complexity is low, and no user interaction is needed. While this vulnerability does not impact confidentiality or integrity, it does significantly affect availability.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is notable due to the potential for availability disruptions. Organizations utilizing the affected Linux kernel versions should understand that the blast radius could be significant, impacting system performance and availability. Given the CVSS score and the fact that it is not included in the KEV catalog, organizations must assess their specific environments and prioritize this issue accordingly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects multiple versions of the Linux kernel, specifically versions starting from 2.6.12.1 up to but not including 5.10.252, as well as several other version ranges leading up to 6.19.6. Organizations should ensure they apply the necessary patches to all affected versions.

Mitigation & Remediation

To mitigate this vulnerability, organizations should immediately apply the relevant patches provided by the Linux kernel maintainers. It is crucial to ensure that all systems running affected versions are updated to the latest version to prevent potential disruptions.

For further validation of remediation effectiveness, organizations should consider continuous penetration testing to identify similar weaknesses.

Detection Guidance

Organizations should monitor logs for anomalies that could indicate attempts to exploit this vulnerability. Additionally, tracking behavioral patterns associated with the jfs_rename function may reveal potential exploitation efforts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its representation of how local attacks can exploit vulnerabilities in filesystem management. Security teams should take note of this trend and ensure they are implementing best practices in code review and testing for similar issues.

For further insights, organizations can explore our guide on penetration testing methodology and understand how to incorporate continuous security practices into development.

Additionally, reviewing the latest trends in vulnerability management programs can help fortify organizational defenses.

In conclusion, understanding and addressing vulnerabilities such as CVE-2025-71292 is critical for maintaining the security posture of any organization leveraging Linux systems.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-71292: Medium Vulnerability in Linux Kernel