CVE-2025-57852 is a medium-severity vulnerability affecting Red Hat OpenShift AI (RHOAI), specifically related to the KServe ModelMesh container images. The root cause is an incorrect default permission setting on the /etc/passwd file within these container images. During the container build process, the /etc/passwd file is created with group-writable permissions. This misconfiguration allows users who have command execution capabilities inside the container and belong to the root group to modify the /etc/passwd file. By doing so, an attacker can add new user entries with arbitrary user IDs, including UID 0, which corresponds to root privileges. This effectively enables privilege escalation within the container environment, granting full root access inside the container. The vulnerability requires that the attacker already has some level of command execution within the container and membership in the root group, which limits the ease of exploitation. The CVSS 3.1 base score is 5.2, reflecting a medium severity level, with attack vector local, high attack complexity, high privileges required, no user interaction, unchanged scope, low confidentiality impact, high integrity impact, and low availability impact. No known exploits are currently reported in the wild. This vulnerability highlights a critical misconfiguration in container image permissions that can be leveraged for privilege escalation, which is a common and impactful threat in containerized environments.

For European organizations deploying Red Hat OpenShift AI (RHOAI) with KServe ModelMesh containers, this vulnerability poses a significant risk of container-level privilege escalation. If an attacker gains limited access to a container, they could escalate privileges to root within that container, potentially allowing them to manipulate containerized workloads, access sensitive data processed within the container, or pivot to other parts of the infrastructure. While the vulnerability does not directly allow host-level compromise, container root access can facilitate lateral movement or exploitation of other vulnerabilities. This is particularly concerning for organizations using OpenShift AI for sensitive AI workloads, data processing, or critical business applications. The impact on confidentiality is limited but integrity is highly affected, as attackers can modify user accounts inside the container. Availability impact is low but could increase if attackers disrupt container operations. Given the increasing adoption of container orchestration and AI workloads in European enterprises, this vulnerability could undermine trust in container security and compliance with data protection regulations if exploited.

To mitigate this vulnerability, European organizations should: 1) Immediately update affected container images to versions where /etc/passwd permissions are correctly set to remove group-writable access. If patches are not yet available, rebuild container images ensuring strict file permission policies during the build process. 2) Implement strict container runtime security policies that restrict group memberships, especially preventing non-root users from being in the root group inside containers. 3) Use container security tools to scan images for permission misconfigurations and enforce least privilege principles. 4) Limit command execution capabilities inside containers to trusted users and processes only, reducing the risk of an attacker gaining initial access. 5) Employ runtime monitoring to detect unusual modifications to critical files like /etc/passwd within containers. 6) Consider adopting container image signing and verification to prevent deployment of vulnerable or tampered images. 7) Review and harden OpenShift cluster RBAC policies to minimize privilege escalation opportunities. These steps go beyond generic advice by focusing on build-time permissions, group membership controls, and runtime detection specific to this vulnerability.