Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Summary

CVECVE-2025-7195
StatePUBLISHED
Assignerredhat
Source PriorityCVE Program / NVD first with legacy fallback
Published2025-08-07 19:15:29 UTC
Updated2026-06-26 00:16:49 UTC
DescriptionEarly versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Risk And Classification

Primary CVSS: v3.1 6.4 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002050000 probability, percentile 0.105980000 (date 2026-06-29)

Problem Types: CWE-276 | CWE-276 Incorrect Default Permissions


VersionSourceTypeScoreSeverityVector
3.1[email protected]Secondary6.4MEDIUMCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1CNACVSS6.4MEDIUMCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Operator-framework Operator-sdk affected 0.15.2 semver Not specified
CNA Red Hat RHEL-9-CNV-4.17 unaffected v4.17.39-2 * rpm Not specified
CNA Red Hat RHEL-9-CNV-4.18 unaffected v4.18.25-3 * rpm Not specified
CNA Red Hat RHEL-9-CNV-4.20 unaffected v4.20.3-3 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.6 unaffected v2.6 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.7 unaffected v2.7 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765872406 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1766360304 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765669648 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765866268 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765872399 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765872402 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765872398 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.8 unaffected 1765872400 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes 2.9 unaffected v2.9 * rpm Not specified
CNA Red Hat OpenShift Compliance Operator 1 unaffected 1.8.0 * rpm Not specified
CNA Red Hat OpenShift Compliance Operator 1 unaffected 1768172669 * rpm Not specified
CNA Red Hat OpenShift File Integrity Operator - FIO 1 unaffected v1.3 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.11 unaffected v2.11 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.11 unaffected v2.11 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.11 unaffected v2.11 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.11 unaffected v2.11 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected v2.12 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected 1773285089 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected 1773259164 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected 1773259182 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected 1773358651 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.12 unaffected 1773090513 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.13 unaffected 1767569821 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.13 unaffected 1767829032 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.13 unaffected 1767569821 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.13 unaffected 1767656229 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.13 unaffected 1767829032 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected v2.14 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected 1769720041 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected 1770343757 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected 1769721579 * rpm Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 unaffected 1770336554 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178221 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178222 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178236 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178273 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178715 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178261 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178354 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178419 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178768 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178319 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178386 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178406 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178615 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178379 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178329 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178423 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764178419 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.14 unaffected v4.14-1764215448 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176261 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176342 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176372 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176892 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176485 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176698 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176699 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176675 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177101 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176690 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764221806 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764222436 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177174 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177033 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764176958 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177101 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177020 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.15 unaffected v4.15-1764177029 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764168955 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169118 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169242 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169544 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169347 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169479 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169526 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169464 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169687 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169457 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169527 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169577 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169730 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169598 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169623 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764169710 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764170019 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.16 unaffected v4.16-1764170021 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764167834 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764167795 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764167826 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764167876 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168179 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764167987 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168476 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168475 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168431 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168662 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168475 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168536 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168609 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168731 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168699 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764168859 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764169063 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764169125 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.17 unaffected v4.17-1764169222 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854289 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854280 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854280 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854319 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761855549 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854321 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854422 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854430 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854457 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854484 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854398 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854494 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854493 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854504 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854489 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761855467 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761854524 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1762335558 * rpm Not specified
CNA Red Hat Red Hat Openshift Data Foundation 4.18 unaffected v4.18-1761855234 * rpm Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Engine For Kubernetes Not specified Not specified
CNA Red Hat Multicluster Global Hub Not specified Not specified
CNA Red Hat Multicluster Global Hub Not specified Not specified
CNA Red Hat Multicluster Global Hub Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
CNA Red Hat Red Hat Advanced Cluster Security 4 Not specified Not specified
CNA Red Hat Red Hat Build Of Apicurio Registry 2 Not specified Not specified
CNA Red Hat Red Hat Build Of Apicurio Registry 3 Not specified Not specified
CNA Red Hat Red Hat Fuse 7 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat OpenShift Virtualization 4 Not specified Not specified
CNA Red Hat Red Hat Web Terminal Not specified Not specified
CNA Red Hat Red Hat Web Terminal Not specified Not specified

References

ReferenceSourceLinkTags
access.redhat.com/errata/RHSA-2025:21368 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:22418 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:21885 [email protected] access.redhat.com
access.redhat.com/errata/RHEA-2025:23406 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:19332 [email protected] access.redhat.com
bugzilla.redhat.com/show_bug.cgi [email protected] bugzilla.redhat.com
access.redhat.com/errata/RHSA-2025:22415 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:2572 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:22683 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:22420 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:22416 [email protected] access.redhat.com
access.redhat.com/errata/RHEA-2025:23478 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:23529 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:23542 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:23528 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:0627 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:5633 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:0718 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:19958 [email protected] access.redhat.com
access.redhat.com/errata/RHEA-2026:0129 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:19961 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:19335 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:0722 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2026:0737 [email protected] access.redhat.com
access.redhat.com/errata/RHSA-2025:22684 [email protected] access.redhat.com
access.redhat.com/security/cve/CVE-2025-7195 [email protected] access.redhat.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Red Hat would like to thank Antony Di Scala, James Force, and Michael Whale for reporting this issue. (en)

Additional Advisory Data

SourceTimeEvent
CNA2025-07-04T08:54:01.878ZReported to Red Hat.
CNA2025-08-07T18:59:00.000ZMade public.

Workarounds

CNA: In Red Hat OpenShift Container Platform, the following default configurations reduce the impact of this vulnerability. Security Context Constraints (SCCs): The default SCC, Restricted-v2, applies several crucial security settings to containers. Capabilities: drop: ALL removes all Linux capabilities, including SETUID and SETGID. This prevents a process from changing its user or group ID, a common step in privilege escalation attacks. The SETUID and SETGID capabilities can also be dropped explicitly if other capabilities are still required. allowPrivilegeEscalation: false ensures that a process cannot gain more privileges than its parent process. This blocks attempts by a compromised container process to grant itself additional capabilities. SELinux Mandatory Access Control (MAC): Pods are required to run with a pre-allocated Multi-Category Security (MCS) label. This SELinux feature provides a strong layer of isolation between containers and from the host system. A properly configured SELinux policy can prevent a container escape, even if an attacker gains elevated permissions within the container itself. Filesystem Hardening: While not a default setting, a common security practice is to set readOnlyRootFilesystem: true in a container's security context. In this specific scenario, this configuration would prevent an attacker from modifying critical files like /etc/passwd, even if they managed to gain file-level write permissions.

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report