A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Fixes

Solution

No solution given by the vendor.


Workaround

This issue can be mitigated by setting this line in each mirror registry systemd configurations: --security-opt=no-new-privileges This would prevent any privilege escalation until the issue is fixed.

History

Thu, 14 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:mirror_registry:2.0.0::el8
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}

epss

{'score': 0.00016}


Fri, 09 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 09 May 2025 12:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Title mirror-registry: Local privilege escalation due to incorrect permissions in mirror-registry Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
First Time appeared Redhat
Redhat mirror Registry
CPEs cpe:/a:redhat:mirror_registry:1
Vendors & Products Redhat
Redhat mirror Registry
References

Sat, 12 Apr 2025 03:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title mirror-registry: Local privilege escalation due to incorrect permissions in mirror-registry
Weaknesses CWE-276
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T02:43:36.147Z

Reserved: 2025-04-11T18:46:42.874Z

Link: CVE-2025-3528

cve-icon Vulnrichment

Updated: 2025-05-09T14:10:19.394Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-09T12:15:33.223

Modified: 2025-08-14T18:15:29.800

Link: CVE-2025-3528

cve-icon Redhat

Severity : Important

Publid Date: 2024-04-11T00:00:00Z

Links: CVE-2025-3528 - Bugzilla

cve-icon OpenCVE Enrichment

No data.