{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-57854", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-08-21T14:40:40.822Z", "datePublished": "2026-04-08T13:55:06.739Z", "dateUpdated": "2026-04-08T14:42:32.600Z"}, "containers": {"cna": {"title": "Osus-operator: privilege escalation via excessive /etc/passwd permissions", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-update-service/openshift-update-service-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_update_service:5"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57854", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107", "name": "RHBZ#2391107", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-08T13:45:19.938Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-276: Incorrect Default Permissions", "timeline": [{"lang": "en", "time": "2025-08-26T18:49:32.486Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T13:45:19.938Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T13:55:06.739Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T14:42:17.931810Z", "id": "CVE-2025-57854", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:42:32.600Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-57854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T14:42:17.931810Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:42:26.460Z"}}], "cna": {"title": "Osus-operator: privilege escalation via excessive /etc/passwd permissions", "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift_update_service:5"], "vendor": "Red Hat", "product": "Red Hat OpenShift Update Service", "packageName": "openshift-update-service/openshift-update-service-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-08-26T18:49:32.486Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T13:45:19.938Z", "value": "Made public."}], "datePublic": "2026-04-08T13:45:19.938Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57854", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107", "name": "RHBZ#2391107", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T13:55:06.739Z"}, "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"}}, "cveMetadata": {"cveId": "CVE-2025-57854", "state": "PUBLISHED", "dateUpdated": "2026-04-08T14:42:32.600Z", "dateReserved": "2025-08-21T14:40:40.822Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-08T13:55:06.739Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "id": "CVE-2025-57854", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-08T14:16:26.267", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-57854"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T15:21:07.417435+00:00", "value": {"mitigation_remediation": ["Apply the latest Red\u202fHat OpenShift Update Service patch that removes group write permissions from /etc/passwd.", "Verify that new container images no longer ship /etc/passwd with group\u2011write permissions.", "Re\u2011launched any existing containers with the patched image to eliminate the vulnerability.", "If a patch is not yet available, limit container users to the non\u2011root group and remove root group membership to mitigate the escalation risk."], "summary": {"action": "Immediate Patch", "impact": "Container privilege escalation to root"}, "threat_synthesis": {"affected_systems": "The issue affects Red\u202fHat OpenShift Update Service version\u202f5, as identified by the vendor. Containers built from this image are vulnerable unless the /etc/passwd file is secured. No additional vendor or product variations are listed.", "description_and_impact": "The flaw allows a non\u2011root user that can execute commands in an affected OpenShift Update Service image to exploit a group\u2011writable /etc/passwd file. By modifying this file the attacker can create a user with UID\u202f0 and gain full root privileges inside the container, compromising confidentiality, integrity, and availability of the workloads running in that container. This vulnerability is a classic permission\u2011to\u2011grant escalation described by CWE\u2011276.", "risk_and_exploitability": "The CVSS score of 6.4 indicates medium severity, and the lack of an EPSS score suggests there is no current widespread exploitation data. The flaw requires that the attacker already has the ability to run commands inside the container, which is a non\u2011remote scenario. However, once inside, the attacker can elevate to root, making the impact severe for the affected namespace. Since the vulnerability is not listed in the CISA KEV catalog, it is likely not actively exploited yet, but the potential for full container compromise warrants prompt attention."}}}}, "created": "2026-04-08T19:39:27.239016+00:00", "updated": "2026-04-08T19:39:27.239055+00:00", "vendors": []}