2376300 – (CVE-2025-7195) CVE-2025-7195 operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Bug 2376300 (CVE-2025-7195) - CVE-2025-7195 operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Summary: CVE-2025-7195 operator-sdk: privilege escalation due to incorrect permissions...

Keywords:
Status:	NEW
Alias:	CVE-2025-7195
Deadline:	2025-08-07
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-04 10:23 UTC by OSIDB Bzimport
Modified:	2025-08-29 20:18 UTC (History)
CC List:	28 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-04 10:23:35 UTC

Potential privilege escalation due to incorrect permissions of /etc/passwd in Openshift containers and components. The /etc/passwd file has bad permissions.The permissions of /etc/passwd 664 due to which /etc/passwd is group writable and can be used to escalate privileges to root.

Note You need to log in before you can comment on or make changes to this bug.

akoudelk
alcohan
eric.wittmann
fdeutsch
gmalinko
gparvin
hvyas
janstey
lbragsta
manissin
nipatil
njean
oramraz
owatkins
pahickey
pantinor
pdelbell
rhaigner
rkubis
rstepani
sdawley
security-response-team
smullick
stirabos
thason
trathi
wenshen
xiyuan