Search
Find a vulnerability
Search criteria
2 vulnerabilities found for libnbd by Red Hat
CVE-2025-14946 (GCVE-0-2025-14946)
Vulnerability from nvd – Published: 2025-12-19 13:02 – Updated: 2025-12-22 21:28
VLAI
Title
Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri
Summary
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-14946 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2423789 | issue-trackingx_refsource_REDHAT |
| https://libguestfs.org/libnbd-release-notes-1.24.… |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | libnbd |
Affected:
1.22.0 , < 1.22.5
(semver)
Affected: 1.23.0 , < 1.23.9 (semver) |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
Date Public
2025-12-16 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:13:18.624274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:13:42.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/nbdkit/libnbd",
"defaultStatus": "unaffected",
"packageName": "libnbd",
"product": "libnbd",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "1.22.5",
"status": "affected",
"version": "1.22.0",
"versionType": "semver"
},
{
"lessThan": "1.23.9",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libnbd",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/libnbd",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "libnbd",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-apiserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-cloner",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-importer",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-operator",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with \u0027-o\u0027 are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T21:28:33.841Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14946"
},
{
"name": "RHBZ#2423789",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423789"
},
{
"url": "https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T03:32:19.506Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-12-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that applications utilizing libnbd do not process Uniform Resource Identifiers (URIs) from untrusted or unverified sources. This vulnerability requires a malicious actor to convince libnbd to open a specially crafted URI, therefore restricting the sources of URIs processed by libnbd can reduce exposure."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14946",
"datePublished": "2025-12-19T13:02:38.342Z",
"dateReserved": "2025-12-19T03:34:44.633Z",
"dateUpdated": "2025-12-22T21:28:33.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14946 (GCVE-0-2025-14946)
Vulnerability from cvelistv5 – Published: 2025-12-19 13:02 – Updated: 2025-12-22 21:28
VLAI
Title
Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri
Summary
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-14946 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2423789 | issue-trackingx_refsource_REDHAT |
| https://libguestfs.org/libnbd-release-notes-1.24.… |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | libnbd |
Affected:
1.22.0 , < 1.22.5
(semver)
Affected: 1.23.0 , < 1.23.9 (semver) |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
Date Public
2025-12-16 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:13:18.624274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:13:42.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/nbdkit/libnbd",
"defaultStatus": "unaffected",
"packageName": "libnbd",
"product": "libnbd",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "1.22.5",
"status": "affected",
"version": "1.22.0",
"versionType": "semver"
},
{
"lessThan": "1.23.9",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libnbd",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/libnbd",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "libnbd",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-apiserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-cloner",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-importer",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-operator",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with \u0027-o\u0027 are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T21:28:33.841Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14946"
},
{
"name": "RHBZ#2423789",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423789"
},
{
"url": "https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T03:32:19.506Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-12-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that applications utilizing libnbd do not process Uniform Resource Identifiers (URIs) from untrusted or unverified sources. This vulnerability requires a malicious actor to convince libnbd to open a specially crafted URI, therefore restricting the sources of URIs processed by libnbd can reduce exposure."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14946",
"datePublished": "2025-12-19T13:02:38.342Z",
"dateReserved": "2025-12-19T03:34:44.633Z",
"dateUpdated": "2025-12-22T21:28:33.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}