CVE-2025-57854

MEDIUM EPSS 4.2%

Published Apr 8, 20262mo ago · Modified Jun 17, 20261w ago

6.4 CVSS 3.1

Medium

Published Apr 8, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

CVSS Details

Base Score

6.4

Exploitability

0.5

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity High

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

4.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

Affected Products 1

Vendor	Product	Version	Range
redhat	openshift_update_service	*	any

References 2

access.redhat.com https://access.redhat.com/security/cve/CVE-2025-57854

Vendor Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2391107

Issue TrackingVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.