CVE-2025-8766
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd fil
CVSS
6.4
Medio
EPSS
0.2%
p6
KEV
—
Exploit Today
2
0-100
Publicado: 13 mar 2026 · Última mod.: 15 jul 2026 · CWE-276
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37387
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-8766
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2387265
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37387
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-8766
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2387265
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8766.json