CVE-2025-9615
Publication date 15 December 2025
Last updated 16 December 2025
Ubuntu priority
Description
[avoid that non-admin user using other users certificates]
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| network-manager | 25.10 questing |
Vulnerable, fix deferred
|
| 25.04 plucky |
Vulnerable, fix deferred
|
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
Notes
mdeslaur
fixing this issue in network-manager requires updating all the network-manager VPN plugins to use the same new method. This is likely too intrusive to do in stable releases. Marking as deferred until all the VPN plugins and an update strategy has been determined. Possibly incomplete list of VPN plugins: - network-manager-fortisslvpn - network-manager-iodine - network-manager-l2tp - network-manager-openconnect - network-manager-openvpn - network-manager-pptp - network-manager-sstp - network-manager-strongswan - network-manager-vpnc Fixing this CVE likely also fixes CVE-2012-1096
Patch details
| Package | Patch details |
|---|---|
| network-manager |