Platform
linux
Component
redhat-web-terminal
Fixed in
1.10.0
2.5.4
CVE-2025-57853 is a privilege escalation vulnerability in Red Hat Web Terminal versions 1.0.0 through 2.5.3. An attacker who can already execute commands inside an affected container, even as a non-root user, can escalate to root within that container. The root cause is incorrect file permissions set during the container image build; version 2.5.4 corrects them.
The core of the vulnerability is that the Web Terminal container image build leaves /etc/passwd group-writable. Any process inside a vulnerable container that belongs to the file's owning group (the root group, GID 0) can therefore edit it even when it runs as a non-root user. Membership in GID 0 is the normal case on OpenShift, where containers run under an arbitrary UID but are always placed in the root group, so the precondition is not exotic. An attacker who can run commands in the container appends a passwd entry with UID 0. The edit by itself does not change the UID of the attacker's current shell; it yields root once any login path that consults /etc/passwd (a setuid su or login, for example) starts a session as the new user. From there the attacker has complete control over the container's processes and filesystem and over any data stored in or mounted into it. The blast radius is limited to the container itself unless the attacker combines this with a separate container escape, but within that container the impact is total.
This vulnerability is not currently listed in CISA's KEV catalog. Its EPSS score is 0.00% (0th percentile), which reflects the precondition that an attacker must already have command execution inside an affected container; the edit to /etc/passwd itself is trivial once that foothold exists. No public proof-of-concept exploit is known at this time. The CVE was published on 2026-04-08.
Exploit Status
EPSS: 0.00% (0th percentile)
The primary mitigation for CVE-2025-57853 is to upgrade Red Hat Web Terminal to version 2.5.4 or later, which corrects the file permissions. If an immediate upgrade is not feasible, apply standard container hardening as a stopgap: drop Linux capabilities the terminal does not need, run it under the least-privileged user the image supports, and restrict who may open terminal sessions at all. Review your own image build pipelines for the same mistake, since a group-writable /etc/passwd is a common shortcut in images intended to run under arbitrary UIDs. A read-only root filesystem blocks in-place edits of /etc/passwd, but only if the file is not also supplied by a writable volume, and some images expect to append to it at startup, so test before enforcing it. After upgrading, verify the fix by inspecting /etc/passwd inside a running terminal pod: its mode should no longer include group write (0644, for example), and an append attempt by a non-root user in the root group should fail with permission denied.
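The following POSIX shell script is an added example, not code from this page or from Red Hat. It implements the check described in the mechanism and verification paragraphs above: whether a file (by default /etc/passwd) carries the group write bit and is owned by a group the calling process belongs to, which is exactly the precondition the CVE relies on, plus the one-line hardening step the fixed build should apply. The function names `group_writable_by_caller`, `check_passwd` and `harden_passwd_perms` are my own, and the script assumes GNU `stat -c` (present in Red Hat's coreutils-based images).

```shell
#!/bin/sh
# Added example (hypothetical names, not from Red Hat): detect the
# CVE-2025-57853 precondition inside a container and apply the fix.
# Assumes GNU coreutils `stat -c`.

# group_writable_by_caller FILE [GID ...]
# Returns 0 when FILE's group has the write bit AND that group's GID is
# one of the GIDs given (default: the caller's groups from `id -G`).
# Returns 1 when the file is safe, 2 when it cannot be inspected.
group_writable_by_caller() {
    file=$1
    shift
    gids=${*:-$(id -G)}
    perms=$(stat -c '%a' "$file" 2>/dev/null) || return 2   # e.g. 664 or 4664
    file_gid=$(stat -c '%g' "$file" 2>/dev/null) || return 2
    rest=${perms%?}                  # drop the "other" digit
    group_digit=${rest#"${rest%?}"}  # last remaining digit = group rwx bits
    case $group_digit in
        2|3|6|7) ;;                  # write bit (value 2) is set for the group
        *) return 1 ;;
    esac
    for g in $gids; do
        [ "$g" = "$file_gid" ] && return 0
    done
    return 1
}

# check_passwd [FILE] [GID ...]
# The check to run in a Web Terminal pod. Exit 0 = vulnerable,
# 1 = not group-writable by the caller, 2 = could not inspect the file.
check_passwd() {
    f=${1:-/etc/passwd}
    if [ $# -gt 0 ]; then shift; fi
    group_writable_by_caller "$f" "$@" && rc=0 || rc=$?
    case $rc in
        0) echo "VULNERABLE: $(stat -c '%A %U:%G %n' "$f") is writable by one of your groups ($(id -G))" ;;
        1) echo "OK: $f is not group-writable by the caller" ;;
        *) echo "ERROR: cannot inspect $f" >&2 ;;
    esac
    return "$rc"
}

# harden_passwd_perms FILE
# The remediation, equivalent to `RUN chmod g-w /etc/passwd` in the
# image's Containerfile (the corrected build in 2.5.4 ships 0644-style perms).
harden_passwd_perms() {
    chmod g-w "$1"
}
```

Source the file inside a terminal pod and run `check_passwd`: an exit status of 0 and a VULNERABLE line confirm the precondition on an affected version; after upgrading to 2.5.4 the same call should report OK. The script reports only the writable-file precondition; whether a UID 0 entry then actually yields a root session depends on a login path in the image that consults /etc/passwd.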
Update to version 2.5.4 or higher of Red Hat Web Terminal. This version fixes the issue by ensuring that the /etc/passwd file is created with appropriate permissions, preventing unauthorized modification by non-root users.
CVE-2025-57853 is a medium-severity vulnerability in Red Hat Web Terminal versions 1.0.0–2.5.3 that allows attackers to escalate privileges within a container by modifying the /etc/passwd file.
You are affected if you run Red Hat Web Terminal versions 1.0.0 through 2.5.3; the vulnerable file lives inside the terminal's container image, so every deployment of those versions carries it.
Upgrade Red Hat Web Terminal to version 2.5.4 or later to resolve the vulnerability. Consider container security hardening measures as an interim step.
There are currently no publicly known active exploitation campaigns for CVE-2025-57853, but it's crucial to apply the patch proactively.
Refer to the official Red Hat security advisory for CVE-2025-57853 on the Red Hat website (search for CVE-2025-57853 on redhat.com).