CVE-2025-57854

EUVD-2025-209304 | MEDIUM | 6.4 (CVSS 3.1) | 2026-04-08 | redhat

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

CVE Published: Apr 08, 2026 - 13:55 (nvd)
EUVD ID Assigned: Apr 08, 2026 - 14:16 (euvd), EUVD-2025-209304
Analysis Generated: Apr 08, 2026 - 14:16 (vuln.today)

Description

A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Analysis

Privilege escalation in OpenShift Update Service (OSUS) container images lets a local attacker who can already execute commands inside an affected container (the CVSS vector rates this Privileges Required: High and Attack Complexity: High) gain root inside that container by modifying the group-writable /etc/passwd file that was created at image build time. Because the attacker's process is a member of the root group, it can append a new account with UID 0 to /etc/passwd without being root itself, and then use that account to obtain full root privileges within the container. No public exploit code or active exploitation has been identified at the time of analysis.

Technical Context

This vulnerability stems from incorrect file permissions set at container build time, classified as CWE-276 (Incorrect Default Permissions). The /etc/passwd file, the system's user database, was created with the group-write bit set during the OSUS image build. On OpenShift this matters more than it would on a generic host: containers are normally started under an arbitrary, non-zero UID whose primary group is GID 0 (the root group), which is why a non-root process in the container still holds root-group membership. Group membership in GID 0 combined with group-write access to /etc/passwd therefore allows that process to rewrite user records without owning the file or holding UID 0. An attacker can append an entry with UID 0 and escalate from the container's unprivileged UID to full root inside the container. Note that the CVSS vector records Scope: Unchanged; the impact is root within the container, not an escape from it, although root in the container is a much stronger position from which to attempt one. The vulnerability affects Red Hat OpenShift Update Service (cpe:2.3:a:red_hat:red_hat_openshift_update_service:*:*:*:*:*:*:*:*) across affected versions.

Affected Products

All versions of Red Hat OpenShift Update Service (OSUS) matching the CPE cpe:2.3:a:red_hat:red_hat_openshift_update_service:*:*:*:*:*:*:*:* are listed as affected. Specific affected versions were not enumerated in the available references. Consult the Red Hat Security Advisory at https://access.redhat.com/security/cve/CVE-2025-57854 and the associated Bugzilla tracker (https://bugzilla.redhat.com/show_bug.cgi?id=2391107) for the definitive list of impacted versions and fixed release versions.

Remediation

Apply the vendor-released patch from Red Hat for OpenShift Update Service; consult https://access.redhat.com/security/cve/CVE-2025-57854 for the specific patched version applicable to your deployment. The fix is a rebuilt OSUS container image in which /etc/passwd is no longer group-writable (0644 or 0444 rather than 0664). Until the rebuilt image is deployed, the effective mitigation is to run the affected containers with a read-only root filesystem (securityContext.readOnlyRootFilesystem: true) where the image tolerates it, since that blocks the write to /etc/passwd regardless of group membership. Dropping capabilities does not help here: appending to a group-writable file needs none. "Restricting group membership" is likewise not a practical control on OpenShift, because the platform itself assigns GID 0 as the primary group of the arbitrary container UID. Longer term, make the container build enforce restrictive default permissions on system files, and add an image-scanning check that flags group-writable or world-writable entries among /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow in existing images.
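The following shell script is an added example, not code from the advisory or from the OSUS project. It implements the check the Technical Context and Remediation sections describe: it scans an extracted or mounted image root for group-writable authentication files, reports any /etc/passwd entry other than root that carries UID 0 (the tampering signature the description warns about), and applies the permission fix. The fixture it builds under a temporary directory is constructed for the example and only mirrors the defect (a 0664 /etc/passwd); it is not an OSUS image. The function names and the file list are the author's assumptions.

```shell
#!/bin/sh
# Added example for CVE-2025-57854: detect and fix group-writable auth files in
# an image root, and flag extra UID 0 accounts in /etc/passwd.
# Not the advisory's or the project's own code; function names are assumptions.

# Files that must never be group- or world-writable (assumed list).
AUTH_FILES="etc/passwd etc/group etc/shadow etc/gshadow"

# check_group_writable ROOT
# Prints each auth file under ROOT whose group-write bit is set.
# Returns 1 if any finding was printed, 0 otherwise.
check_group_writable() {
    root="$1"
    rc=0
    for f in $AUTH_FILES; do
        p="$root/$f"
        [ -f "$p" ] || continue
        # find -perm -g+w matches when the group-write bit is set,
        # whatever the other mode bits are.
        if [ -n "$(find "$p" -perm -g+w -print)" ]; then
            printf 'group-writable: %s\n' "$p"
            rc=1
        fi
    done
    return $rc
}

# extra_uid0_users PASSWD_FILE
# Prints user names other than "root" whose UID field is 0. A non-empty
# result in a running container is the tampering described in the advisory.
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# fix_permissions ROOT
# Removes the group and other write bits from every auth file present.
# This is the permission state the rebuilt image ships with.
fix_permissions() {
    root="$1"
    for f in $AUTH_FILES; do
        if [ -f "$root/$f" ]; then
            chmod go-w "$root/$f"
        fi
    done
    return 0
}

# make_fixture DIR
# Builds a minimal image root with the defect: a 0664 /etc/passwd.
# Constructed fixture for this example only, not an OSUS image.
make_fixture() {
    dir="$1"
    mkdir -p "$dir/etc"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/etc/passwd"
    printf 'root:x:0:\n' > "$dir/etc/group"
    chmod 664 "$dir/etc/passwd"   # the group-writable defect
    chmod 644 "$dir/etc/group"
}
```

To scan a real image, export it (for example with `podman export` or `skopeo`), unpack it to a directory, and run `check_group_writable /path/to/rootfs`; a non-zero exit means the image still has the defect. Running `extra_uid0_users /etc/passwd` inside a live container is a cheap runtime check that the file has not already been altered.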

Priority Score

32 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0


CVE-2025-57854 vulnerability details – vuln.today
