CVE-2025-57849 - Vulnerability Details - OpenCVE

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Fuse

No data.

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-57849
https://bugzilla.redhat.com/show_bug.cgi?id=2391100

History

Fri, 13 Mar 2026 03:45:00 +0000

Type	Values Removed	Values Added
Description		A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title		Fuse: privilege escalation via excessive /etc/passwd permissions
First Time appeared		Redhat Redhat jboss Fuse
Weaknesses		CWE-276
CPEs		cpe:/a:redhat:jboss_fuse:7
Vendors & Products		Redhat Redhat jboss Fuse
References		https://access.redhat.com/security/cve/CVE-2025-57849 https://bugzilla.redhat.com/show_bug.cgi?id=2391100
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-03-13T03:08:32.594Z

Updated: 2026-03-13T03:08:32.594Z

Reserved: 2025-08-21T14:40:40.822Z

Link: CVE-2025-57849

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-57849", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-08-21T14:40:40.822Z", "datePublished": "2026-03-13T03:08:32.594Z", "dateUpdated": "2026-03-13T03:08:32.594Z"}, "containers": {"cna": {"title": "Fuse: privilege escalation via excessive /etc/passwd permissions", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-java-openshift-jdk11-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-java-openshift-jdk17-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-java-openshift-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-karaf-openshift-jdk11-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-karaf-openshift-jdk17-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "fuse7/fuse-karaf-openshift-rhel8", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57849", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391100", "name": "RHBZ#2391100", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-13T02:52:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-276: Incorrect Default Permissions", "timeline": [{"lang": "en", "time": "2025-08-26T18:30:47.676Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-13T02:52:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-13T03:08:32.594Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}