CVE-2025-57852
Published: Sep 30, 2025
Modified: Mar 6, 2026
CVSS v3.1
6.4
Description
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat OpenShift AI 2.16 | unaffected sha256:97e2bd9b587f08e135a9aeb9b3e0dc6eafa1a9bdacbb5ecb681ce9bd5aa37fc9 - < * |
Red Hat | Red Hat OpenShift AI 2.19 | unaffected sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16 - < * |
Red Hat | Red Hat OpenShift AI 2.21 | unaffected sha256:687c8eeed55f021ecaab1307f0e88b5b16d91f72d63b3d7168d7bbee90e8947b - < * |
Red Hat | Red Hat OpenShift AI 2.22 | unaffected sha256:1709fa3c79aad4ba7eb9be8299949396092c8e20210124e0c0936385bc04e839 - < * |
Red Hat | Red Hat OpenShift AI 2.24 | unaffected sha256:92629b1462ca2ed121dd2f3069a005d78e00e1344d330d6a8710f53ec58b74b8 - < * |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now