SecuriTricks - CVE-2025-11568

Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Product(s) Impacted

Vendor	Product	Versions
Cryptsetup	Luksmeta Luks1	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	cryptsetup	luksmeta	/	/	/	/	/	/	/	/
a	cryptsetup	luks1	/	/	/	/	/	/	/	/

References

https://access.redhat.com/security/cve/CVE-2025-11568

https://bugzilla.redhat.com/show_bug.cgi?id=2404244

CVSS Score

4.4 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

View Vector String

Timeline

Published: Oct. 15, 2025, 8:15 p.m.
Last Modified: Oct. 15, 2025, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

CVE-2025-11568