CVE-2025-7195
BaseFortify

Publication date: 2025-08-07

Last updated on: 2026-03-24

Assigner: Red Hat, Inc.

Description
Early versions of Operator-SDK provided an insecure method for allowing operator containers to run in environments that start containers under a random UID (for example OpenShift, where the assigned UID's primary group is root, gid 0). Operator-SDK before 0.15.2 scaffolded a script, user_setup, which runs at image build time and changes the permissions of /etc/passwd to 664 (owner- and group-writable) while the file stays group-owned by root (gid 0). The intent was to let the container entrypoint append a passwd entry for whatever UID it was started as; the side effect is that /etc/passwd becomes writable by every process in the container. Developers who scaffolded their operator with Operator-SDK before 0.15.2 may still be affected if the user_setup script remains in their project and is still used to build new container images: upgrading the SDK alone does not change files already committed to the project. An attacker who can execute commands inside an affected container, even as a non-root user, runs with gid 0 and can therefore modify /etc/passwd, appending a new user with any arbitrary UID, including UID 0, and so obtaining full root privileges within the container. The escalation is to root inside the container's namespaces and capability set; whether it can be extended to the node depends on the pod's security context, not on this flaw alone.
Meta Information
Published: 2025-08-07
Last Modified: 2026-03-24
Generated: 2026-05-27
AI Q&A: 2025-08-07
EPSS Evaluated: 2026-05-25
NVD
Affected Vendors & Products
Showing 12 associated CPEs
Vendor  Product                                    Version / Range
redhat  advanced_cluster_management_for_kubernetes 2.11.9
redhat  advanced_cluster_management_for_kubernetes 2.12.6
redhat  advanced_cluster_management_for_kubernetes 2.14.1
redhat  multicluster_engine_for_kubernetes         2.6
redhat  multicluster_engine_for_kubernetes         2.7.7
redhat  multicluster_engine_for_kubernetes         2.9.1
redhat  openshift_data_foundation                  4.14
redhat  openshift_data_foundation                  4.15
redhat  openshift_data_foundation                  4.16
redhat  openshift_data_foundation                  4.17
redhat  openshift_data_foundation                  4.18
redhat  openshift_file_integrity_operator          1.3.8
CWE
CWE ID  Name                          Description
CWE-276 Incorrect Default Permissions During installation, installed file permissions are set to allow anyone to modify those files.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in operator images built with the scaffolding from Operator-SDK before 0.15.2. A scaffolded script called user_setup changes the permissions of /etc/passwd to 664 (group-writable) at container build time, and the file remains group-owned by root (gid 0). In environments that run containers under a random UID, such as OpenShift, that UID's primary group is gid 0, so any command executed inside the container, even as a non-root user, can modify /etc/passwd. The attacker can add a new user with any UID, including UID 0 (root), and thereby gain full root privileges within the container.


How can this vulnerability impact me? :

If your operator project still carries the insecure user_setup script from an affected Operator-SDK scaffold and you build container images with it, an attacker with command execution inside the container could escalate to root within that container. That gives full control over the operator process and everything the container can reach, including any credentials, service-account tokens and mounted secrets it holds, and it removes one layer of defence against further escape attempts that depend on the pod's security context.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, remove the user_setup step that makes /etc/passwd group-writable from your operator's Dockerfile and build scripts; scaffolds generated by Operator-SDK 0.15.2 or later no longer include it, but upgrading the SDK does not change files already committed to your project, so check the repository rather than the SDK version. Rebuild and redeploy every operator image that was built with the old scaffold. Finally, verify the built images: /etc/passwd should be mode 644 and owned by root:root (root group ownership is normal; the group-writable bit is the problem), so any image where the file is writable by its group or by others is still affected.

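The verification step above can be scripted. The following is an added example, not code from the CVE entry, Red Hat or the Operator-SDK project: a small audit that classifies /etc/passwd permissions the way the description does (group-writable with gid 0 is the CVE-2025-7195 pattern; any group- or world-writable mode is flagged). It assumes GNU coreutils stat (-c) and, for the image wrapper, a docker CLI on PATH; the function and image names are the example's own.

```shell
#!/bin/sh
# Added example: audit an operator image's /etc/passwd for the
# CVE-2025-7195 permission pattern. Not part of Operator-SDK.
# Assumes GNU stat (-c) and a docker CLI for audit_image.

# passwd_mode_is_insecure MODE GID
#   MODE: octal mode string as printed by `stat -c %a` (e.g. 644, 664, 0664)
#   GID:  numeric owning group as printed by `stat -c %g`
# Returns 0 (true) when the file is writable by its group or by others,
# 1 (false) when only the owner can write it.
passwd_mode_is_insecure() {
    mode=$1
    gid=${2:-unknown}
    mode=${mode#"${mode%???}"}      # keep the last three octal digits only
    grp=${mode%?}; grp=${grp#?}     # middle digit: group permission bits
    oth=${mode#??}                  # last digit: other permission bits
    if [ $((grp & 2)) -ne 0 ] && [ "$gid" = "0" ]; then
        # Exactly what user_setup produced: a random UID on OpenShift has
        # primary group 0, so this file is writable by the container process.
        echo "INSECURE: mode $mode gid $gid (group-writable, root group: CVE-2025-7195 pattern)"
        return 0
    fi
    if [ $((grp & 2)) -ne 0 ] || [ $((oth & 2)) -ne 0 ]; then
        echo "INSECURE: mode $mode gid $gid (writable by group or others)"
        return 0
    fi
    echo "ok: mode $mode gid $gid"
    return 1
}

# check_passwd_file PATH
#   Classify a file on disk, e.g. an unpacked image layer's etc/passwd.
check_passwd_file() {
    passwd_mode_is_insecure "$(stat -c %a "$1")" "$(stat -c %g "$1")"
}

# audit_image IMAGE
#   Run stat inside a built image (entrypoint overridden, so the image's
#   own startup script does not run). Exit status 0 means the image is
#   affected; 1 means /etc/passwd is not group- or world-writable.
audit_image() {
    passwd_mode_is_insecure \
        "$(docker run --rm --entrypoint stat "$1" -c %a /etc/passwd)" \
        "$(docker run --rm --entrypoint stat "$1" -c %g /etc/passwd)"
}

# Usage against a hypothetical image name:
#   audit_image registry.example.com/team/my-operator:1.2.3 && echo "rebuild needed"
```

Run audit_image against every operator image tag you publish, not only the latest, since older tags built from the same Dockerfile carry the same file mode; a non-zero exit from the function means the image is clean with respect to this check.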
