Platform
linux
Component
openshift-update-service
Fixed in
1.10.0
2.5.4
CVE-2025-57854 describes a privilege escalation vulnerability discovered in Red Hat OpenShift Update Service (OSUS) images. This flaw allows attackers with command execution capabilities within a container to potentially gain root privileges by manipulating the /etc/passwd file. The vulnerability impacts versions 1.0.0 through 2.5.3 of OSUS, and a fix is available in version 2.5.4.
The core of the vulnerability lies in the group-writable permissions assigned to the /etc/passwd file during the build process of affected OSUS images. An attacker who can execute commands within a container, even with non-root privileges, can exploit this by leveraging their membership in the root group. By modifying the /etc/passwd file, the attacker can create a new user with an arbitrary UID, including UID 0 (root). This grants them complete control over the container, enabling them to execute arbitrary commands, access sensitive data, and potentially compromise the underlying host system if container breakout is possible. The blast radius extends to any data or services accessible within the container, and the potential for lateral movement depends on the container's network configuration and access to other resources.
CVE-2025-57854 was publicly disclosed on 2026-04-08. Its severity is rated as medium. Currently, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a potential for exploitation. The ease of exploitation is likely moderate, as it requires command execution within a container, but the potential impact is significant due to the possibility of root privilege escalation.
Organizations utilizing Red Hat OpenShift Update Service in production environments, particularly those running versions 1.0.0 through 2.5.3, are at risk. Environments with less stringent container security policies or those relying on default configurations are especially vulnerable. Shared hosting environments using OSUS also face increased risk due to the potential for cross-container contamination.
• linux / server:
journalctl -u osus -g 'passwd modification'
• linux / server:
find / -perm -g+w -name 'passwd' 2>/dev/null
• linux / server:
ps aux | grep -i passwd
Exploit status
EPSS
0.00% (percentile 0%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-57854 is to upgrade to Red Hat OpenShift Update Service version 2.5.4 or later, which includes a fix for the group-writable permissions issue. If an immediate upgrade is not feasible, consider implementing stricter container security policies to limit the potential impact of a successful exploitation. This includes restricting container privileges, implementing strong access controls, and regularly auditing container configurations. While not a direct fix, using a Web Application Firewall (WAF) or reverse proxy can help detect and block malicious requests attempting to exploit the vulnerability. Monitor container logs for suspicious activity, particularly attempts to modify the /etc/passwd file. After upgrading, verify the fix by attempting to create a new user with UID 0 within an affected container and confirming that the operation fails.
Upgrade to version 2.5.4 or later of Red Hat OpenShift Update Service. This version fixes the issue by ensuring that the /etc/passwd file is created with appropriate permissions, preventing unauthorized modification by users with root group privileges.
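The configuration audit recommended above can be scripted. The following is an added example, not code from Red Hat or from the original advisory: a POSIX shell function that checks a root filesystem (a running container's / or an unpacked image) for a group- or world-writable /etc/passwd and for accounts other than root that carry UID 0. The function name `audit_passwd` and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit for the condition described in CVE-2025-57854.
# audit_passwd [ROOT]  ROOT defaults to /; an unpacked image rootfs also works.
# Exit codes (this example's own convention): 0 clean, 1 finding, 2 file missing.
audit_passwd() {
    root=${1:-/}
    f="${root%/}/etc/passwd"
    rc=0

    if [ ! -f "$f" ]; then
        echo "ERROR: $f not found" >&2
        return 2
    fi

    # Numeric group owner; the issue matters most when this is 0 (root group),
    # because non-root container users are commonly members of that group.
    gid=$(ls -ln "$f" | awk '{ print $4 }')

    # -perm -g+w matches only when the group-write bit is set on the file.
    if [ -n "$(find "$f" -prune -perm -g+w)" ]; then
        echo "FINDING: $f is group-writable (owning gid $gid)"
        rc=1
    fi
    if [ -n "$(find "$f" -prune -perm -o+w)" ]; then
        echo "FINDING: $f is world-writable"
        rc=1
    fi

    # Any entry other than "root" whose third field (UID) is 0.
    extra=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$f" | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "FINDING: non-root accounts with UID 0: $extra"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $f (owning gid $gid)"
    fi
    return "$rc"
}
```

Source the file and call `audit_passwd /path/to/rootfs` in an image build pipeline, or `audit_passwd` with no argument inside a running container; a non-zero exit code can be used to fail the pipeline step.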
CVE-2025-57854 is a medium severity vulnerability in Red Hat OpenShift Update Service allowing attackers to potentially gain root privileges within a container by modifying the /etc/passwd file.
You are affected if you are running Red Hat OpenShift Update Service versions 1.0.0 through 2.5.3. Upgrade to 2.5.4 or later to mitigate the risk.
Upgrade to Red Hat OpenShift Update Service version 2.5.4 or later. Consider stricter container security policies as an interim measure.
Currently, there are no confirmed reports of active exploitation, but the vulnerability has been added to the CISA KEV catalog, indicating potential risk.
Refer to the official Red Hat security advisory for detailed information and updates: https://access.redhat.com/security/cve/CVE-2025-57854