CVE-2025-8766
high
Red Hat CVSS v3 Base Score
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: March 13, 2026 (62 days ago)
Last Modified: March 13, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
CWE
CWE-276Affected Products
Red Hat Openshift Data Foundation 4