CVE-2025-57851

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.4 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Vulnerability Details

Published Date

April 08, 2026

Last Modified

April 08, 2026

CWE ID

CWE-276

Source

NVD

Vendor

Red Hat

Product

Multicluster Engine for Kubernetes

External References

https://access.redhat.com/security/cve/CVE-2025-57851
https://bugzilla.redhat.com/show_bug.cgi?id=2391104

CVE-2025-57851

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment