CVE-2025-8766: Incorrect Default Permissions in Red Hat Red Hat Openshift Data Foundation 4
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
AI Analysis
Technical Summary
This vulnerability involves incorrect default permissions on the /etc/passwd file in certain container images of Red Hat Openshift Data Foundation 4. Because the file is group-writable, an attacker who can execute commands inside the container and is part of the root group can modify /etc/passwd to create a new user with root privileges. This leads to privilege escalation within the container environment. The vulnerability has a CVSS 3.1 base score of 6.4 (medium severity) with attack vector local, high attack complexity, high privileges required, no user interaction, and impacts confidentiality, integrity, and availability. The vendor advisory URL is provided but does not explicitly confirm patch availability or remediation steps.
Potential Impact
Successful exploitation allows an attacker with local command execution and root group membership inside the container to escalate privileges to full root within that container. This compromises confidentiality, integrity, and availability of the container environment. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-8766 for current remediation guidance. Until an official fix is available, restrict access to container environments to trusted users only and avoid granting unnecessary root group membership within containers. Monitor vendor communications for updates on patches or workarounds.
CVE-2025-8766: Incorrect Default Permissions in Red Hat Red Hat Openshift Data Foundation 4
Description
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
CVSS v3.1
Score 6.4medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves incorrect default permissions on the /etc/passwd file in certain container images of Red Hat Openshift Data Foundation 4. Because the file is group-writable, an attacker who can execute commands inside the container and is part of the root group can modify /etc/passwd to create a new user with root privileges. This leads to privilege escalation within the container environment. The vulnerability has a CVSS 3.1 base score of 6.4 (medium severity) with attack vector local, high attack complexity, high privileges required, no user interaction, and impacts confidentiality, integrity, and availability. The vendor advisory URL is provided but does not explicitly confirm patch availability or remediation steps.
Potential Impact
Successful exploitation allows an attacker with local command execution and root group membership inside the container to escalate privileges to full root within that container. This compromises confidentiality, integrity, and availability of the container environment. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-8766 for current remediation guidance. Until an official fix is available, restrict access to container environments to trusted users only and avoid granting unnecessary root group membership within containers. Monitor vendor communications for updates on patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-08-08T16:07:52.076Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-8766","vendor":"Red Hat"}]
Threat ID: 69b37da62f860ef94357f3fe
Added to database: 3/13/2026, 2:59:50 AM
Last enriched: 6/6/2026, 8:03:38 PM
Last updated: 6/12/2026, 12:16:47 PM
Views: 165
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.