CVE-2025-57849
Analyzed Analyzed - Analysis Complete
Container Privilege Escalation via Group-Writable /etc/passwd in Fuse Images

Publication date: 2026-03-13

Last updated on: 2026-06-05

Assigner: Red Hat, Inc.

Description
A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57849
EUVD
EUVD-2025-208627
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redhat fuse 7.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-57849 is a container privilege escalation vulnerability found in certain Fuse images. The issue arises because the /etc/passwd file is created with group-writable permissions during the build process. This means that users who are part of the root group inside the container can modify this file.

An attacker who can execute commands inside the affected container, even if they are not root, can exploit this flaw by modifying the /etc/passwd file. They can add a new user with any user ID they choose, including UID 0, which is the root user ID. This effectively grants the attacker full root privileges within the container.

Impact Analysis

This vulnerability can allow an attacker with limited privileges inside a container to escalate their privileges to root level. This means they can gain full control over the container environment.

With root privileges, the attacker can perform any action within the container, such as accessing sensitive data, modifying system files, installing malicious software, or disrupting services running inside the container.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking the permissions of the /etc/passwd file inside the affected containers. Specifically, you should verify if the /etc/passwd file has group-writable permissions, which is the root cause of this issue.

  • Run the command: ls -l /etc/passwd
  • Check if the group permissions include write access (e.g., -rw-rw-r--).

Additionally, verify if any non-root users inside the container are members of the root group, as this membership enables exploitation of the vulnerability.

  • Run the command: groups <username>
Mitigation Strategies

Immediate mitigation steps include correcting the permissions of the /etc/passwd file inside the affected containers to remove group-writable access.

  • Change the permissions of /etc/passwd to be non-group-writable using: chmod 644 /etc/passwd

Also, review and restrict group memberships to ensure that non-root users are not members of the root group within the container.

Consider rebuilding the container images with corrected file permissions during build time to prevent recurrence of this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart