Description

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

INFO

Published Date :

2025-08-07T19:05:08.756Z

Last Modified :

2026-04-16T21:54:06.831Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-7195 vulnerability.

Vendors Products
Redhat
  • Acm
  • Advanced Cluster Security
  • Apicurio Registry
  • Container Native Virtualization
  • Jboss Fuse
  • Multicluster Engine
  • Multicluster Globalhub
  • Openshift
  • Openshift Compliance Operator
  • Openshift Data Foundation
  • Openshift File Integrity Operator
  • Service Registry
  • Webterminal
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7195.

URL Resource
https://access.redhat.com/errata/RHEA-2025:23406 cve-icon cve-icon
https://access.redhat.com/errata/RHEA-2025:23478 cve-icon cve-icon
https://access.redhat.com/errata/RHEA-2026:0129 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19332 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19335 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19958 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19961 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21368 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21885 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22415 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22416 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22418 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22420 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22683 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22684 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23528 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23529 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23542 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0627 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0718 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0722 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0737 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2572 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5633 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-7195 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2376300 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-7195 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-7195 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact