Skip to main content

Kubernetes CVE-2025-57851

| EUVDEUVD-2025-209300 MEDIUM
Incorrect Default Permissions (CWE-276)
2026-04-08 redhat
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Red Hat
6.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 14:16 euvd
EUVD-2025-209300
Analysis Generated
Apr 08, 2026 - 14:16 vuln.today
CVE Published
Apr 08, 2026 - 13:55 nvd
MEDIUM 6.4

DescriptionCVE.org

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

AnalysisAI

Container privilege escalation in Red Hat Multicluster Engine for Kubernetes allows authenticated local attackers to escalate from non-root container execution to full root privileges by exploiting group-writable permissions on the /etc/passwd file created during container image build time, enabling arbitrary UID assignment including UID 0.

Technical ContextAI

The vulnerability stems from improper file permission configuration (CWE-276: Incorrect Default Permissions) applied to the /etc/passwd file during container image construction. The /etc/passwd file is created with group-writable permissions, allowing any user in the root group to modify user account entries. Within a container context, attackers with local command execution capabilities can leverage group membership to append new user entries with arbitrary UIDs. By specifying UID 0 during passwd file modification, an attacker can create a new user account with root-level privileges, effectively achieving privilege escalation from a constrained container execution context to full root access. This affects Red Hat Multicluster Engine for Kubernetes container images across multiple versions, as indicated by the wildcard version CPE entries provided.

RemediationAI

Apply the vendor-released security patch from Red Hat for Multicluster Engine for Kubernetes, available through the Red Hat security advisory portal at https://access.redhat.com/security/cve/CVE-2025-57851. The fix addresses improper file permissions by ensuring /etc/passwd is created with correct restrictive permissions during image build time, preventing non-root users and group members from modifying user account entries. Immediate patching is recommended for production environments, particularly those running multi-tenant or untrusted workload scenarios. Organizations should verify the exact patched version number from the Red Hat advisory and update container images accordingly. Container runtime security policies should also be reviewed to limit the execution privileges of container processes where feasible.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Vendor StatusVendor

Share

CVE-2025-57851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy