CVE-2025-3528

Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry

CVSS 8.2 HIGHEPSS 0.2%CWE-276

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

09 mai 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Produtos afetados

mirror-registryRed Hat · MIRROR-REGISTRY-2.0-RHEL-8 Red Hat · mirror registry for Red Hat OpenShift

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHBA-2025:9645 https://access.redhat.com/security/cve/CVE-2025-3528 https://bugzilla.redhat.com/show_bug.cgi?id=2359143