5.2

CVE-2025-57852

EPSS 0.01%
Veröffentlicht 30.09.2025 15:15:53
Zuletzt bearbeitet 02.10.2025 19:12:17
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.16

Default Statusaffected

Version < *

Version sha256:97e2bd9b587f08e135a9aeb9b3e0dc6eafa1a9bdacbb5ecb681ce9bd5aa37fc9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.19

Default Statusaffected

Version < *

Version sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.21

Default Statusaffected

Version < *

Version sha256:687c8eeed55f021ecaab1307f0e88b5b16d91f72d63b3d7168d7bbee90e8947b

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.22

Default Statusaffected

Version < *

Version sha256:1709fa3c79aad4ba7eb9be8299949396092c8e20210124e0c0936385bc04e839

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.2	0.5	4.7	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://access.redhat.com/security/cve/CVE-2025-57852

https://bugzilla.redhat.com/show_bug.cgi?id=2391105

https://access.redhat.com/errata/RHSA-2025:16981

https://access.redhat.com/errata/RHSA-2025:16982

https://access.redhat.com/errata/RHSA-2025:16984

https://access.redhat.com/errata/RHSA-2025:16983

https://nvd.nist.gov/vuln/detail/CVE-2025-57852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57852

EUVD