5.2

CVE-2025-57848

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.003
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.2 0.5 4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.