Container Privilege Escalation Vulnerability in OpenShift Update Service
CVE-2025-57854
6.4 MEDIUM
What is CVE-2025-57854?
A vulnerability in OpenShift Update Service (OSUS) exposes containers to privilege escalation due to improperly set permissions on the /etc/passwd file during the build process. An attacker who can execute commands within an affected container may leverage their root group membership to alter the /etc/passwd file, potentially adding arbitrary users, including a user with UID 0. This could enable an attacker to gain complete root privileges within the container, posing significant security risks.
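The following check is an added example, not code from Red Hat or the OSUS project. It audits a container root filesystem for the condition described above: a group-writable /etc/passwd, and any account other than root that already has UID 0. The function name `audit_passwd` and its ROOTFS argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a container root filesystem for the /etc/passwd
# weakness described in the advisory.
# Usage: audit_passwd ROOTFS
#   ROOTFS (assumed) is "/" inside a container or an unpacked image directory.
# Prints one line per finding; the return status is the number of findings
# (0 = clean, 255 = passwd file missing).
audit_passwd() {
    rootfs=${1:-/}
    passwd_file="${rootfs%/}/etc/passwd"
    findings=0

    if [ ! -f "$passwd_file" ]; then
        echo "ERROR: $passwd_file not found" >&2
        return 255
    fi

    # Group-writable: any process running with the file's GID can rewrite it.
    if [ -n "$(find "$passwd_file" -prune -perm -020)" ]; then
        if [ -n "$(find "$passwd_file" -prune -group 0)" ]; then
            echo "FINDING: $passwd_file is writable by the root group (GID 0)"
        else
            echo "FINDING: $passwd_file is group-writable"
        fi
        findings=$((findings + 1))
    fi

    # World-writable is strictly worse and is reported separately.
    if [ -n "$(find "$passwd_file" -prune -perm -002)" ]; then
        echo "FINDING: $passwd_file is world-writable"
        findings=$((findings + 1))
    fi

    # Any non-root account with UID 0 indicates the file was already altered
    # or was built incorrectly.
    extra_root=$(awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1 }' "$passwd_file")
    for name in $extra_root; do
        echo "FINDING: account '$name' has UID 0"
        findings=$((findings + 1))
    done

    return "$findings"
}
```

Call `audit_passwd /` inside a running container, or pass the directory of an unpacked image to check it before deployment.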
CVSS V3.1
Score: 6.4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.