CVE-2025-57850
BaseFortify
Publication date: 2025-12-02
Last updated on: 2026-03-07
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | codeready_ws | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a container privilege escalation flaw found in certain CodeReady Workspaces images. It occurs because the /etc/passwd file is created with group-writable permissions during build time. An attacker who can run commands inside the affected container, even as a non-root user, and who is a member of the root group, can modify the /etc/passwd file. This allows the attacker to add a new user with any user ID, including UID 0, effectively gaining full root privileges within the container.
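A defender-side check for the condition described above, added here as an example and not taken from this page or from the vendor: it flags a passwd file that is group- or world-writable and lists any non-root account that already has UID 0. `audit_passwd` is a hypothetical helper name, and the `chmod 644` hint reflects the conventional mode for `/etc/passwd`, not a fix quoted from the advisory.

```shell
#!/bin/sh
# Added example: audit a passwd file for the CWE-276 condition in this entry.
# audit_passwd is a hypothetical helper; the path defaults to /etc/passwd.

# Prints one finding per line.
# Returns 0 when clean, 1 when any finding exists, 2 if the file is missing.
audit_passwd() {
    file="${1:-/etc/passwd}"
    findings=0

    if [ ! -f "$file" ]; then
        echo "ERROR: $file not found" >&2
        return 2
    fi

    # Group-writable bit (020): any member of the file's group can edit it.
    if [ -n "$(find "$file" -prune -perm -020)" ]; then
        echo "FINDING: $file is group-writable"
        findings=1
    fi

    # World-writable bit (002): any user can edit it.
    if [ -n "$(find "$file" -prune -perm -002)" ]; then
        echo "FINDING: $file is world-writable"
        findings=1
    fi

    # Accounts other than root that carry UID 0 (field 3 of each entry).
    extra=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$file")
    if [ -n "$extra" ]; then
        echo "FINDING: non-root UID 0 accounts:" $extra
        findings=1
    fi

    return "$findings"
}

# Typical use inside a container or against an extracted image filesystem:
#   audit_passwd /etc/passwd || echo "review image build; expected mode 644"
```

Run it in the image build pipeline so a group-writable `/etc/passwd` fails the build before the image is published.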
How can this vulnerability impact me?
This vulnerability can allow an attacker with limited access inside a container to escalate their privileges to root within that container. This means the attacker could gain full control over the container environment, potentially leading to unauthorized actions, data modification, or disruption of services running inside the container.