CVE-2025-7195 | THREATINT

Description

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

PUBLISHED Reserved 2025-07-07 | Published 2025-08-07 | Updated 2025-11-16 | Assigner redhat

MEDIUM: 5.2CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Problem types

Incorrect Default Permissions

Product status

Default status

affected

sha256:1c49bf643ea000a0f92a1d93114a4a866ff51f47947c6a7102fb8e200ae57e8a (rpm) before *

unaffected

Default status

affected

sha256:072da24a7a4f1b61822ae7c86f8cc0b07462591168ad8a8dd89a02cf3bb33fa5 (rpm) before *

unaffected

Default status

affected

sha256:0488dca3cb2db097732fe153483af7c4b2acdb7b0bc241f30e78cdb0474d11bb (rpm) before *

unaffected

Default status

affected

sha256:b996388849ae27f7721c24987d19e8f0b561ba3c0d03496c89fe1d987a64fe7e (rpm) before *

unaffected

Default status

affected

sha256:ff0c848b18b366afbe60b4fe97c876c0f71999262c9b92eae89db03b1158496f (rpm) before *

unaffected

Default status

affected

sha256:1a2ef170407505193e8d1ab4832ae0b945ec2fd9245c5a93134ce73f959ea34c (rpm) before *

unaffected

Default status

affected

sha256:295cce4181249098c7903b70ef34afe257731e062c9cb944845663929ca8075c (rpm) before *

unaffected

Default status

affected

sha256:0755c4e05987fce669d4fb7d021b9202efe9b5da35fc4776441a6a963a4e7f05 (rpm) before *

unaffected

Default status

affected

sha256:08038f377c65aefa81d3c7ecae4994d28d052bd4bad585e18e8a1a68ab17cae7 (rpm) before *

unaffected

Default status

affected

sha256:e268332aeeeebd1d10688d513fa422c1ddf6d2e448f558ddae25ac719dc4f608 (rpm) before *

unaffected

Default status

affected

sha256:6ea6ea4f6425b574d708dabec4dc9f42e39b9553d4969b91663e2ffd866d8bb7 (rpm) before *

unaffected

Default status

affected

sha256:495c95d1a2df101e0bf9c0eaa3caeb575f596d6098782c3a0a1dcb0342589886 (rpm) before *

unaffected

Default status

affected

sha256:b488d0482849357ec15b94803eba470bd3c96a3aa70eb401e5e010d939996fd5 (rpm) before *

unaffected

Default status

affected

sha256:36c26ae9529d584fbd4ed24376ff8a83fd583190d4b13461a484e8f49c3ac3b3 (rpm) before *

unaffected

Default status

affected

sha256:8bd6b32078b7aceea003fdcd90f51a963e056a16dbe5ea54d56cbdfc6de029d5 (rpm) before *

unaffected

Default status

affected

sha256:f2b3e838d78b6bd89e5c9f401326d08696fb29b862fa99b701a3b0aa8b705fe4 (rpm) before *

unaffected

Default status

affected

sha256:dbb96a4e7584a48e7a61a00485ccbcb23919dcbdd47af01cec452bd4f0fd0bdc (rpm) before *

unaffected

Default status

affected

sha256:e780559caf89469f58e9d6646c389031a4cb080853aad7d471a5e7339c39f28c (rpm) before *

unaffected

Default status

affected

sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1 (rpm) before *

unaffected

Default status

affected

sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f (rpm) before *

unaffected

Default status

affected

sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc (rpm) before *

unaffected

Default status

affected

sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263 (rpm) before *

unaffected

Default status

affected

sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee (rpm) before *

unaffected

Default status

affected

sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76 (rpm) before *

unaffected

Default status

affected

sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3 (rpm) before *

unaffected

Default status

affected

sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5 (rpm) before *

unaffected

Default status

affected

sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e (rpm) before *

unaffected

Default status

affected

sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04 (rpm) before *

unaffected

Default status

affected

sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0 (rpm) before *

unaffected

Default status

affected

sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f (rpm) before *

unaffected

Default status

affected

sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0 (rpm) before *

unaffected

Default status

affected

sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116 (rpm) before *

unaffected

Default status

affected

sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab (rpm) before *

unaffected

Default status

affected

sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9 (rpm) before *

unaffected

Default status

affected

sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349 (rpm) before *

unaffected

Default status

affected

sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863 (rpm) before *

unaffected

Default status

affected

sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df (rpm) before *

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

affected

Default status

affected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Timeline

2025-07-04:	Reported to Red Hat.
2025-08-07:	Made public.

Credits

Red Hat would like to thank Antony Di Scala, James Force, and Michael Whale for reporting this issue.

References

access.redhat.com/errata/RHSA-2025:19332 (RHSA-2025:19332) vendor-advisory

access.redhat.com/errata/RHSA-2025:19335 (RHSA-2025:19335) vendor-advisory

access.redhat.com/errata/RHSA-2025:19958 (RHSA-2025:19958) vendor-advisory

access.redhat.com/errata/RHSA-2025:19961 (RHSA-2025:19961) vendor-advisory

access.redhat.com/errata/RHSA-2025:21368 (RHSA-2025:21368) vendor-advisory

access.redhat.com/security/cve/CVE-2025-7195 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2376300 (RHBZ#2376300) issue-tracking

cve.org (CVE-2025-7195)

nvd.nist.gov (CVE-2025-7195)

Download JSON