Description
A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Published: 2026-04-08
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation to root within containers
Action: Apply Patch
AI Analysis

Impact

A flaw in certain Web Terminal images allows a container user with group membership in the root group to alter the /etc/passwd file, which is created with group‑writable permissions. By editing that file an attacker can add a user with any arbitrary UID, including 0, granting full root privileges inside the container. The weakness is an improper permission assignment (CWE‑276).

Affected Systems

The affected product is Red Hat Web Terminal. Any container built from the vulnerable image that leaves /etc/passwd group‑writable is susceptible. Specific versions are not listed; therefore any configuration using the problematic image could be impacted. The vulnerability does not affect the host system directly unless the attacker can escape the container.

Risk and Exploitability

The CVSS score of 6.4 indicates a moderate severity. No EPSS score is available and the flaw is not in the CISA KEV catalog, so the exploitation likelihood is uncertain. An attacker who can execute commands inside the container and is a member of the root group can exploit the issue; correcting the file permissions or applying a vendor patch removes the escalation path.

Generated by OpenCVE AI on April 8, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat Web Terminal patch or upgrade to a version that fixes the permission issue.
  • Verify that the /etc/passwd file in your container images has no group‑write permissions (chmod u+rw,g-w,o-w).
  • Review and adjust user and group configurations to avoid granting non‑root users membership in the root group.
  • Rebuild or retag your Web Terminal containers ensuring the build process does not set /etc/passwd as group‑writable.

Generated by OpenCVE AI on April 8, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat web Terminal
Vendors & Products Redhat web Terminal

Thu, 09 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 08 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title Web-terminal: privilege escalation via excessive /etc/passwd permissions
First Time appeared Redhat
Redhat webterminal
Weaknesses CWE-276
CPEs cpe:/a:redhat:webterminal:1
Vendors & Products Redhat
Redhat webterminal
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Web Terminal Webterminal
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-08T16:06:20.933Z

Reserved: 2025-08-21T14:40:40.822Z

Link: CVE-2025-57853

cve-icon Vulnrichment

Updated: 2026-04-08T16:06:18.099Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T14:16:26.020

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-57853

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-08T13:45:39Z

Links: CVE-2025-57853 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:18:52Z

Weaknesses