FKIE_CVE-2025-57852

Vulnerability from fkie_nvd - Published: 2025-09-30 15:15 - Updated: 2026-03-07 00:16
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:16981
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:16982
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:16983
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:16984
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:17501
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-57852
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2391105
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
    },
    {
      "lang": "es",
      "value": "Una falla de escalada de privilegios de contenedor fue encontrada en las im\u00e1genes de contenedor de KServe ModelMesh. Este problema se origina en que el archivo /etc /passwd es creado con permisos de escritura para el grupo durante el tiempo de compilaci\u00f3n. En ciertas condiciones, un atacante que puede ejecutar comandos dentro de un contenedor afectado, incluso como un usuario no-root, puede aprovechar su membres\u00eda en el grupo root para modificar el archivo /etc /passwd. Esto podr\u00eda permitir al atacante a\u00f1adir un nuevo usuario con cualquier UID arbitrario, incluyendo UID 0, lo que lleva a privilegios de root completos dentro del contenedor."
    }
  ],
  "id": "CVE-2025-57852",
  "lastModified": "2026-03-07T00:16:11.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-09-30T15:15:53.720",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16981"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16982"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16983"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:17501"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-57852"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391105"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.