CVE-2025-7195

MEDIUM EPSS 10.6%

Published Aug 7, 202510mo ago · Modified Jun 17, 20261w ago

6.4 CVSS 3.1

Medium

Published Aug 7, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

CVSS Details

Base Score

6.4

Exploitability

0.5

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity High

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

10.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

References 26

access.redhat.com https://access.redhat.com/errata/RHEA-2025:23406
access.redhat.com https://access.redhat.com/errata/RHEA-2025:23478
access.redhat.com https://access.redhat.com/errata/RHEA-2026:0129
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19332
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19335
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19958
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19961
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21368
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21885
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22415
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22416
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22418
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22420
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22683
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22684
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23528
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23529
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23542
access.redhat.com https://access.redhat.com/errata/RHSA-2026:0627
access.redhat.com https://access.redhat.com/errata/RHSA-2026:0718
access.redhat.com https://access.redhat.com/errata/RHSA-2026:0722
access.redhat.com https://access.redhat.com/errata/RHSA-2026:0737
access.redhat.com https://access.redhat.com/errata/RHSA-2026:2572
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5633
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-7195
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2376300

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.