Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies

7.2 / 10

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

Basic Information

ID CVE-2025-2515

Source redhat

Published Dec 24, 2025 at 16:21

Modified Dec 24, 2025 at 16:48

Affected Product

Vendor Eclipse Foundation

Product BlueChi

Affected Versions Eclipse Foundation BlueChi 0

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.",
    "published": "2025-12-24T16:21:54.365Z",
    "modified": "2025-12-24T16:48:19.891Z",
    "type": "cve",
    "title": "Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2025-2515\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2353313\nhttps://github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94efef799fbc73#diff-64140c83db42a8888f346a40de293b80f79ebf7d75ce4137b22567e360bce607\nhttps://github.com/eclipse-bluechi/bluechi/issues/1069\nhttps://github.com/eclipse-bluechi/bluechi/pull/1073",
    "id": "CVE-2025-2515",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Eclipse Foundation BlueChi 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BlueChi",
    "version": "0",
    "vendor": "Eclipse Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies_CVE-2025-2515