CVE-2025-57848
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-10-23

Last updated on: 2026-03-07

Assigner: Red Hat, Inc.

Description
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2026-03-07
Generated
2026-05-07
AI Q&A
2025-10-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-57848
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a container privilege escalation flaw found in certain container-native virtualization images. During the container build process, the /etc/passwd file is created with group-writable permissions. An attacker who can run commands inside the affected container, even as a non-root user, and who is a member of the root group, can modify the /etc/passwd file. This allows the attacker to add a new user with any user ID, including UID 0 (root), thereby gaining full root privileges within the container. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if the /etc/passwd file inside your container images has group-writable permissions. For example, run the command `ls -l /etc/passwd` inside the container and verify if the group permissions include write access (e.g., -rw-rw-r--). If the file is group-writable, the container is vulnerable. Additionally, verify if users inside the container belong to the root group, which could allow exploitation. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include rebuilding the affected container images ensuring that the /etc/passwd file is created without group-writable permissions (e.g., permissions set to 644 or more restrictive). Also, restrict user group memberships inside containers to prevent non-root users from being in the root group. Applying updated container images or patches from your vendor that address this issue is recommended. [1]


How can this vulnerability impact me? :

This vulnerability can allow an attacker with limited access inside a container to escalate their privileges to full root access within that container. This means the attacker can perform any action as the root user inside the container, potentially compromising the container's security and any applications or data it handles. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart