CVE-2025-2515

Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies

CVSS 7.2 HIGHEPSS 0.2%CWE-863

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Eclipse Foundation · BlueChi Red Hat · Red Hat In-Vehicle Operating System 1

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/CVE-2025-2515 https://bugzilla.redhat.com/show_bug.cgi?id=2353313 https://github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94efef799fbc73#diff-64140c83db42a8888f346a40de293b80f79ebf7d75ce4137b22567e360bce607 https://github.com/eclipse-bluechi/bluechi/issues/1069 https://github.com/eclipse-bluechi/bluechi/pull/1073