Description
A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Published: 2026-03-13
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

A container privilege escalation flaw exists in certain Red Hat Fuse 7 images. The build process creates /etc/passwd with group-writable permissions (CWE-276). As a result, a non-root user who can execute commands inside the container and belongs to the root group can modify /etc/passwd. By creating a new entry with an arbitrary UID, the attacker can add a UID 0 account and thereby gain full root privileges within the container, compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects Red Hat Fuse 7 container images, identified by the CPE cpe:/a:redhat:jboss_fuse:7. No specific version numbers were supplied, so any Fuse 7 image built from the indicated sources is potentially vulnerable. Red Hat publishes advisories at https://access.redhat.com/security/cve/CVE-2025-57849.

Risk and Exploitability

The CVSS base score is 6.4, indicating moderate risk. The EPSS score is reported as less than 1%, signifying low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an attacker who can execute code inside the container and is a member of the root group; the likely attack vector is local container privilege escalation. Once the attacker creates a UID 0 entry, they can run arbitrary commands with root privileges within the container, potentially affecting the host if privileged containers or breakout is feasible.

Generated by OpenCVE AI on March 19, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update affected Red Hat Fuse 7 images to a patched version where /etc/passwd is created with non-group-writable permissions.
  • Verify that new or restored images do not set group-writable permissions on /etc/passwd.
  • Restrict membership in the root group within containers or the host to trusted users only.
  • Monitor container runtimes for the creation of new UID 0 accounts and for changes to root group membership.
  • Consider using image signing and integrity checks to prevent deployment of untrusted or modified images.

Generated by OpenCVE AI on March 19, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat fuse
Vendors & Products Redhat fuse

Fri, 13 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 13 Mar 2026 03:45:00 +0000

Type Values Removed Values Added
Description A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title Fuse: privilege escalation via excessive /etc/passwd permissions
First Time appeared Redhat
Redhat jboss Fuse
Weaknesses CWE-276
CPEs cpe:/a:redhat:jboss_fuse:7
Vendors & Products Redhat
Redhat jboss Fuse
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Fuse Jboss Fuse
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-13T14:13:19.030Z

Reserved: 2025-08-21T14:40:40.822Z

Link: CVE-2025-57849

cve-icon Vulnrichment

Updated: 2026-03-13T14:13:14.575Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:52.313

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-57849

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-13T02:52:00Z

Links: CVE-2025-57849 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:47Z

Weaknesses