CVE-2025-57854 - Vulnerability Details

- Osus-operator: privilege escalation via excessive /etc/passwd permissions

Description

A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Published: 2026-04-08

Score: 6.4 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw allows a non‑root user that can execute commands in an affected OpenShift Update Service image to exploit a group‑writable /etc/passwd file. By modifying this file the attacker can create a user with UID 0 and gain full root privileges inside the container, compromising confidentiality, integrity, and availability of the workloads running in that container. This vulnerability is a classic permission‑to‑grant escalation described by CWE‑276.

Affected Systems

The issue affects Red Hat OpenShift Update Service version 5, as identified by the vendor. Containers built from this image are vulnerable unless the /etc/passwd file is secured. No additional vendor or product variations are listed.

Risk and Exploitability

The CVSS score of 6.4 indicates medium severity, and the lack of an EPSS score suggests there is no current widespread exploitation data. The flaw requires that the attacker already has the ability to run commands inside the container, which is a non‑remote scenario. However, once inside, the attacker can elevate to root, making the impact severe for the affected namespace. Since the vulnerability is not listed in the CISA KEV catalog, it is likely not actively exploited yet, but the potential for full container compromise warrants prompt attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor	Product	Default status	Versions
Red Hat	Red Hat OpenShift Update Service	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Red Hat OpenShift Update Service patch that removes group write permissions from /etc/passwd.
Verify that new container images no longer ship /etc/passwd with group‑write permissions.
Re‑launched any existing containers with the patched image to eliminate the vulnerability.
If a patch is not yet available, limit container users to the non‑root group and remove root group membership to mitigate the escalation risk.

Generated by OpenCVE AI on April 8, 2026 at 15:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-57854
https://bugzilla.redhat.com/show_bug.cgi?id=2391107
https://nvd.nist.gov/vuln/detail/CVE-2025-57854
https://www.cve.org/CVERecord?id=CVE-2025-57854

History

Thu, 09 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-57854 https://www.cve.org/CVERecord?id=CVE-2025-57854
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 08 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 08 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title		Osus-operator: privilege escalation via excessive /etc/passwd permissions
First Time appeared		Redhat Redhat openshift Update Service
Weaknesses		CWE-276
CPEs		cpe:/a:redhat:openshift_update_service:5
Vendors & Products		Redhat Redhat openshift Update Service
References		https://access.redhat.com/security/cve/CVE-2025-57854 https://bugzilla.redhat.com/show_bug.cgi?id=2391107
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Redhat Openshift Update Service

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-04-08T13:55:06.739Z

Updated: 2026-04-08T14:42:32.600Z

Reserved: 2025-08-21T14:40:40.822Z

Link: CVE-2025-57854

Vulnrichment

Updated: 2026-04-08T14:42:26.460Z

NVD

Status : Awaiting Analysis

Published: 2026-04-08T14:16:26.267

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-57854

Redhat

Severity : Moderate

Publid Date: 2026-04-08T13:45:19Z

Links: CVE-2025-57854 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:39:27Z

Weaknesses

CWE-276

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object