CVE-2025-8766

{"id": "CVE-2025-8766", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2026-03-13T19:53:56.157", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-8766", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387265", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container"}, {"lang": "es", "value": "Se encontr\u00f3 una falla de escalada de privilegios de contenedor en ciertas im\u00e1genes de Multi-Cloud Object Gateway Core. Este problema se origina en la creaci\u00f3n del archivo /etc /passwd con permisos de escritura para el grupo durante el tiempo de compilaci\u00f3n. En ciertas condiciones, un atacante que puede ejecutar comandos dentro de un contenedor afectado, incluso como un usuario no-root, puede aprovechar su pertenencia al grupo root para modificar el archivo /etc /passwd. Esto podr\u00eda permitir al atacante a\u00f1adir un nuevo usuario con cualquier UID arbitrario, incluyendo UID 0, lo que llevar\u00eda a privilegios de root completos dentro del contenedor."}], "lastModified": "2026-06-05T19:54:17.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}