OpenShift Update Service images allow non-root users to gain root access

CVE-2025-57854
Summary

Certain OpenShift Update Service images create a file with weak permissions, allowing a non-root user to gain full control of the container by adding themselves as a root user. To fix this, users should update their OpenShift Update Service images to use the latest versions, which have the permissions issue addressed. If an update is not possible, consider restricting access to the container or using a different image.

Original title
A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during bu...
Original description
A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
NVD CVSS 3.1: 6.4
Vulnerability type
CWE-276 Incorrect Default Permissions
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026
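
A defender's check for the condition described above, as an added example that is not part of the advisory or of any Red Hat tooling: it audits a passwd file (for instance `/etc/passwd` inside a running container, or the same file in an unpacked image root filesystem) for group or world write permission and for UID 0 accounts other than `root`. The function names, the sample file contents and the temporary paths are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample: a passwd file that contains a second UID 0 account.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "bin:x:1:1:bin:/bin:/sbin/nologin\n"
    "app:x:1001:0:service user:/home/app:/sbin/nologin\n"
    "extra:x:0:0::/root:/bin/bash\n"
)

def audit_passwd(path):
    """Return permission and UID 0 findings for one passwd file."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    uid0 = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            # passwd(5) layout: name:password:UID:GID:GECOS:home:shell
            fields = line.rstrip("\n").split(":")
            if len(fields) >= 3 and fields[2].isdigit() and int(fields[2]) == 0:
                uid0.append(fields[0])
    return {
        "mode": oct(mode),
        "owner_gid": st.st_gid,  # GID 0 plus group write is the risky pairing
        "group_writable": bool(mode & stat.S_IWGRP),
        "other_writable": bool(mode & stat.S_IWOTH),
        "unexpected_uid0": [name for name in uid0 if name != "root"],
    }

def write_sample(mode):
    """Write the constructed sample to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(prefix="passwd-")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_PASSWD)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # 0o664 is group-writable, as the advisory describes; 0o644 is the
    # conventional mode for /etc/passwd.
    for mode in (0o664, 0o644):
        sample = write_sample(mode)
        print(audit_passwd(sample))
        os.remove(sample)
```

A result with `group_writable` true and `owner_gid` 0 matches the weak-permission condition in the description; a non-empty `unexpected_uid0` list means the file already holds an extra UID 0 entry and the container should be treated as compromised.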