5.2

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorRed Hat
Product Red Hat OpenShift AI 2.16
Default Statusaffected
Version < *
Version sha256:97e2bd9b587f08e135a9aeb9b3e0dc6eafa1a9bdacbb5ecb681ce9bd5aa37fc9
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.19
Default Statusaffected
Version < *
Version sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.21
Default Statusaffected
Version < *
Version sha256:687c8eeed55f021ecaab1307f0e88b5b16d91f72d63b3d7168d7bbee90e8947b
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.22
Default Statusaffected
Version < *
Version sha256:1709fa3c79aad4ba7eb9be8299949396092c8e20210124e0c0936385bc04e839
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.004
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 5.2 0.5 4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.