CVE-2025-11568: A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the nece...

Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Metrics

CVSS 3.1

4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

0.09%

0.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-1284

References

Timeline

Published: Oct 15, 2025
Last Modified: Jun 25, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-11568?

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

How severe is CVE-2025-11568?

CVE-2025-11568 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.09% probability of exploitation in the next 30 days.

How do I fix CVE-2025-11568?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.