Container Privilege Escalation Flaw in KServe ModelMesh by Red Hat
CVE-2025-57852

5.2MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Ai 2.16; Red Hat Openshift Ai 2.19; Red Hat Openshift Ai 2.21; Red Hat Openshift Ai 2.22
Vendor: CVE Published:; 30 September 2025

What is CVE-2025-57852?

A potential security flaw has been identified in the KServe ModelMesh container images, allowing for privilege escalation due to improperly set permissions on the /etc/passwd file. During the container's build process, this file can be left with group-writable permissions. This allows an attacker, who gains access to the container environment—even as a non-root user—to exploit their membership in the root group. If successful, the attacker can modify the /etc/passwd file to create a new user with arbitrary User IDs, including the highly privileged UID 0, potentially providing them with full root access within the container environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch