Privilege Escalation Vulnerability in Multi-Cloud Object Gateway from Red Hat
CVE-2025-8766

6.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Data Foundation 4
Vendor: CVE Published:; 13 March 2026

What is CVE-2025-8766?

A privilege escalation flaw has been discovered in the Multi-Cloud Object Gateway Core images, which allows unauthorized modification of the /etc/passwd file. During the build process, this file is created with group-writable permissions, posing a significant risk. Attackers who gain command execution capabilities within an affected container, even as non-root users, can exploit their affiliation with the root group to alter user configurations. This vulnerability allows the addition of users with arbitrary UIDs, including the ability to grant full root privileges within the container context, vastly increasing the potential for compromised systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2025-8766

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2387265

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Aug 8, 2025

Credit

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

JSON

Red Hat

What is CVE-2025-8766?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.