Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images.

In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Fixes

Solution

No solution given by the vendor.


Workaround

In Red Hat OpenShift Container Platform, the following default configurations reduce the impact of this vulnerability. Security Context Constraints (SCCs): The default SCC, Restricted-v2, applies several crucial security settings to containers. Capabilities: drop: ALL removes all Linux capabilities, including SETUID and SETGID. This prevents a process from changing its user or group ID, a common step in privilege escalation attacks. The SETUID and SETGID capabilities can also be dropped explicitly if other capabilities are still required. allowPrivilegeEscalation: false ensures that a process cannot gain more privileges than its parent process. This blocks attempts by a compromised container process to grant itself additional capabilities. SELinux Mandatory Access Control (MAC): Pods are required to run with a pre-allocated Multi-Category Security (MCS) label. This SELinux feature provides a strong layer of isolation between containers and from the host system. A properly configured SELinux policy can prevent a container escape, even if an attacker gains elevated permissions within the container itself. Filesystem Hardening: While not a default setting, a common security practice is to set readOnlyRootFilesystem: true in a container's security context. In this specific scenario, this configuration would prevent an attacker from modifying critical files like /etc/passwd, even if they managed to gain file-level write permissions.

History

Sun, 31 Aug 2025 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat apicurio Registry
Redhat container Native Virtualization
Redhat devworkspace
Redhat jboss Fuse
Redhat webterminal
CPEs cpe:/a:redhat:apicurio_registry:3
cpe:/a:redhat:container_native_virtualization:4
cpe:/a:redhat:devworkspace
cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:webterminal:1
Vendors & Products Redhat apicurio Registry
Redhat container Native Virtualization
Redhat devworkspace
Redhat jboss Fuse
Redhat webterminal

Fri, 08 Aug 2025 19:45:00 +0000

Type Values Removed Values Added
Description Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Fri, 08 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 07 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 07 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Description Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
First Time appeared Redhat
Redhat acm
Redhat advanced Cluster Security
Redhat multicluster Engine
Redhat multicluster Globalhub
Redhat openshift
Redhat openshift Data Foundation
Redhat openshift File Integrity Operator
Weaknesses CWE-276
CPEs cpe:/a:redhat:acm:2
cpe:/a:redhat:advanced_cluster_security:4
cpe:/a:redhat:multicluster_engine
cpe:/a:redhat:multicluster_globalhub
cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_data_foundation:4
cpe:/a:redhat:openshift_file_integrity_operator:1
Vendors & Products Redhat
Redhat acm
Redhat advanced Cluster Security
Redhat multicluster Engine
Redhat multicluster Globalhub
Redhat openshift
Redhat openshift Data Foundation
Redhat openshift File Integrity Operator
References
Metrics cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-18T14:20:48.063Z

Reserved: 2025-07-07T08:45:21.278Z

Link: CVE-2025-7195

cve-icon Vulnrichment

Updated: 2025-08-07T19:23:17.337Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-07T19:15:29.367

Modified: 2025-08-08T20:15:26.950

Link: CVE-2025-7195

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-07T18:59:00Z

Links: CVE-2025-7195 - Bugzilla

cve-icon OpenCVE Enrichment

No data.