{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-57851", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-08-21T14:40:40.822Z", "datePublished": "2026-04-08T13:55:00.925Z", "dateUpdated": "2026-04-08T15:18:38.990Z"}, "containers": {"cna": {"title": "Mce: privilege escalation via excessive /etc/passwd permissions", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "affected": [{"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/agent-service-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-8-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-9-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57851", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391104", "name": "RHBZ#2391104", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-08T13:45:54.565Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-276: Incorrect Default Permissions", "timeline": [{"lang": "en", "time": "2025-08-26T18:44:31.833Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T13:45:54.565Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T13:55:00.925Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T15:18:31.297261Z", "id": "CVE-2025-57851", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:18:38.990Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-57851", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-08-21T14:40:40.822Z", "datePublished": "2026-04-08T13:55:00.925Z", "dateUpdated": "2026-04-08T15:18:38.990Z"}, "containers": {"cna": {"title": "Mce: privilege escalation via excessive /etc/passwd permissions", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "affected": [{"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/agent-service-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-8-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-9-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57851", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391104", "name": "RHBZ#2391104", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-08T13:45:54.565Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-276: Incorrect Default Permissions", "timeline": [{"lang": "en", "time": "2025-08-26T18:44:31.833Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T13:45:54.565Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T13:55:00.925Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-57851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T15:18:31.297261Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:18:35.640Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "id": "CVE-2025-57851", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-08T14:16:25.817", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-57851"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391104"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Multicluster Engine for Kubernetes", "source": "cna", "vendor": "Red Hat"}, "product": "multicluster_engine_for_kubernetes", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-08T15:21:20.552968+00:00", "value": {"mitigation_remediation": ["Apply the patched Multicluster Engine for Kubernetes image released by Red\u00a0Hat that makes /etc/passwd read\u2011only.", "Verify that none of the container images in use contain group\u2011writable /etc/passwd by inspecting file permissions.", "Restrict the root group within containers so that non\u2011root users cannot be members, or run containers with the least privilege.", "Monitor container activity for unexpected elevation attempts and review audit logs.", "If no patch is available immediately, temporarily disable routine processes that modify /etc/passwd from within containers."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all Red\u00a0Hat Multicluster Engine for Kubernetes images that include the group\u2011writable /etc/passwd. No specific product version information was supplied, so any image of this product lacking the patch remains vulnerable.", "description_and_impact": "A flaw during the construction of certain Multicluster Engine for Kubernetes images creates the /etc/passwd file as writable by the root group. An attacker with the ability to execute commands inside the container, even as a non\u2011root user, and who is a member of the root group, can modify this file. By inserting a new user entry with a chosen UID\u2014particularly UID\u00a00\u2014the attacker can gain full root privileges within the container, enabling arbitrary code execution and data tampering inside the container environment.", "risk_and_exploitability": "With a CVSS score of 6.4, the issue is considered medium severity. Exploitation requires the attacker to have some level of command execution within the container and membership in the root group; no EPSS data is available and the vulnerability is not listed in CISA\u2019s KEV catalog. While the attack is limited to containers with writable group permissions on /etc/passwd, gaining container root access poses a significant risk to the confidentiality, integrity, and availability of the containerized workloads."}}}}, "created": "2026-04-08T19:26:59.941336+00:00", "updated": "2026-04-08T19:39:28.372556+00:00", "vendors": ["redhat", "redhat$PRODUCT$multicluster_engine_for_kubernetes"]}