6.4
CVE-2025-57848
- EPSS 0%
- Veröffentlicht 23.10.2025 20:15:40
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Virtualization 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.001 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.