#VU118558 Input validation error in luksmeta - CVE-2025-11568
Published: November 17, 2025
Vulnerability identifier: #VU118558
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-11568
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
luksmeta
luksmeta
Software vendor:
latchset
latchset
Description
The vulnerability allows a local user to corrupt stored information.
The vulnerability exists due to insufficient input validation in the luksmeta utility when used with the LUKS1 disk encryption format. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data.. A local user can write a large amount of metadata to an encrypted device and cause permanent loss of the stored information.
Remediation
Install updates from vendor's website.