Description

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

INFO

Published Date :

2026-04-08T13:55:00.925Z

Last Modified :

2026-05-01T20:44:04.799Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57851 vulnerability.

Vendors Products
Redhat
  • Advanced Cluster Management For Kubernetes
  • Multicluster Engine
  • Multicluster Engine For Kubernetes
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57851.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-57851 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2391104 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-57851 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-57851 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact