Bug 2376300 (CVE-2025-7195)

Summary: CVE-2025-7195 operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: akoudelk, alcohan, eric.wittmann, fdeutsch, gmalinko, gparvin, hvyas, janstey, jbalunas, lbragsta, manissin, nipatil, njean, oramraz, owatkins, pahickey, pantinor, pdelbell, rhaigner, rkubis, rstepani, sdawley, security-response-team, smullick, stirabos, thason, trathi, wenshen, xiyuan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2025-08-07   

Description OSIDB Bzimport 2025-07-04 10:23:35 UTC 
Potential privilege escalation due to incorrect permissions of /etc/passwd in Openshift containers and components. The /etc/passwd file has bad permissions.The permissions of /etc/passwd 664 due to which /etc/passwd is group writable and can be used to escalate privileges to root.