CVE-2025-11568 | Luksmeta: data corruption when handling luks1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Published: 2025-10-15 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:DeferredCVE State: published
View at NVD, CVE.org, EUVD

CVE-2025-11568 is rated Low Risk (17.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.09%). Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-11568

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.01% 0.09% +0.08%
2 2025-10-16 0.01%

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-11568

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.4 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
 0.8 3.6 [email protected]

Weakness enumeration for CVE-2025-11568

GitHub Security Advisory for CVE-2025-11568

GHSA-pvmm-7c2r-wmp4 · Severity: medium — A data corruption vulnerability has been identified in the luksmeta utility when used with the...

OS Trackers for CVE-2025-11568

vendor priority summary link
debian not yet assigned CVE-2025-11568 not yet assigned priority: Debian including 1 source packages (luksmeta), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1. https://security-tracker.debian.org/tracker/CVE-2025-11568
redhat medium https://access.redhat.com/security/cve/CVE-2025-11568
ubuntu medium CVE-2025-11568 medium priority: Ubuntu including 1 source packages (luksmeta), 7 status rows across 7 suites (bionic, focal, jammy, noble, plucky, questing, upstream): needs-triage 6, ignored 1. https://ubuntu.com/security/CVE-2025-11568

Affected software / configurations for CVE-2025-11568

Vendor Product Version Raw CPE
No affected products in dataset.

References for CVE-2025-11568

cvelogic Threat Intelligence