CVE-2025-3528

Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry

CVSS 8.2 HIGHEPSS 0.2%CWE-276

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

09 may 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Productos afectados

mirror-registryRed Hat · MIRROR-REGISTRY-2.0-RHEL-8 Red Hat · mirror registry for Red Hat OpenShift

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHBA-2025:9645 https://access.redhat.com/security/cve/CVE-2025-3528 https://bugzilla.redhat.com/show_bug.cgi?id=2359143