CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Description
A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Analysis
A container privilege escalation in Red Hat Multicluster Engine for Kubernetes allows an authenticated local attacker to move from non-root container execution to full root privileges. The weakness is the group-writable permission on the /etc/passwd file set during container image build time, which lets a member of the root group add an entry with an arbitrary UID, including UID 0.
Technical Context
The vulnerability stems from improper file permission configuration (CWE-276: Incorrect Default Permissions) applied to the /etc/passwd file during container image construction. The /etc/passwd file is created with group-writable permissions, allowing any user in the root group to modify user account entries. Within a container context, attackers with local command execution capabilities can leverage group membership to append new user entries with arbitrary UIDs. By specifying UID 0 during passwd file modification, an attacker can create a new user account with root-level privileges, effectively achieving privilege escalation from a constrained container execution context to full root access. This affects Red Hat Multicluster Engine for Kubernetes container images across multiple versions, as indicated by the wildcard version CPE entries provided.
Affected Products
Red Hat Multicluster Engine for Kubernetes is affected across multiple versions. The provided CPE entries (cpe:2.3:a:red_hat:multicluster_engine_for_kubernetes:*:*:*:*:*:*:*:*) indicate the vulnerability impacts the product broadly, though specific version boundaries are not delineated in the current intelligence. Additional details regarding precise affected version ranges and build numbers should be obtained from the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2025-57851 and the corresponding bugzilla tracker at https://bugzilla.redhat.com/show_bug.cgi?id=2391104.
Remediation
Apply the vendor-released security patch from Red Hat for Multicluster Engine for Kubernetes, available through the Red Hat security advisory portal at https://access.redhat.com/security/cve/CVE-2025-57851. The fix addresses improper file permissions by ensuring /etc/passwd is created with correct restrictive permissions during image build time, preventing non-root users and group members from modifying user account entries. Immediate patching is recommended for production environments, particularly those running multi-tenant or untrusted workload scenarios. Organizations should verify the exact patched version number from the Red Hat advisory and update container images accordingly. Container runtime security policies should also be reviewed to limit the execution privileges of container processes where feasible.
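The audit and hardening steps implied by the Technical Context and Remediation sections, as an added example that is not part of the advisory or of Red Hat's own tooling: it checks the two conditions the flaw combines (group-write bit on /etc/passwd, and the calling process holding GID 0) and clears the offending bit as a build-time fix. It assumes only POSIX sh, find, id and chmod inside the container.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a passwd file for the
# CWE-276 condition described above and apply the permission fix.

# Returns 0 if the file at $1 (default /etc/passwd) has the group-write
# bit set, 1 if it is absent or the file does not exist.
passwd_group_writable() {
    f="${1:-/etc/passwd}"
    [ -f "$f" ] || return 1
    # POSIX find: -perm -g=w matches when the group-write bit is present.
    [ -n "$(find "$f" -perm -g=w -print 2>/dev/null)" ]
}

# Returns 0 if the current process holds GID 0 as its primary or one of
# its supplementary groups, which is what makes the weak bit exploitable.
in_root_group() {
    for g in $(id -G); do
        [ "$g" = "0" ] && return 0
    done
    return 1
}

# Build-time fix: drop the group-write bit so only the owner can write.
# Run this in the image build (e.g. a RUN step) for /etc/passwd.
harden_passwd() {
    chmod g-w "${1:-/etc/passwd}"
}

# Combined check for use inside a running container. Exit status 1 means
# exposed (both conditions hold), 0 means not exposed by this process.
audit_passwd() {
    f="${1:-/etc/passwd}"
    if passwd_group_writable "$f" && in_root_group; then
        echo "EXPOSED: $f is group-writable and this process is in GID 0"
        return 1
    fi
    echo "OK: $f is not modifiable through root-group membership here"
    return 0
}
```

Run `audit_passwd` from a shell inside the container under the non-root user the workload actually runs as; `harden_passwd` belongs in the image build, not at runtime.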
EUVD-2025-209300