PatchSiren cyber security CVE debrief

CVE-2025-57849 Red Hat CVE debrief

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Vendor: Red Hat
Product: Red Hat Fuse 7
CVSS: MEDIUM 6.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-13
Original CVE updated: 2026-06-05
Advisory published: 2026-03-13
Advisory updated: 2026-06-05

Who should care

Users of Red Hat Fuse 7.0.0 who run containers with Fuse images.

Technical summary

The /etc/passwd file in certain Fuse images is created with group-writable permissions. An attacker who can execute commands within an affected container as a non-root user that is a member of the root group can modify /etc/passwd to add a new user with an arbitrary UID, including UID 0, and so gain full root privileges within the container.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by Red Hat to ensure the /etc/passwd file is created with proper permissions.
  • Restrict write access to the /etc/passwd file within containers.
  • Monitor container environments for suspicious activity, especially related to user creation or privilege escalation.
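
One way to check the second and third actions from inside a running container. This is an added example, not Red Hat tooling or code from the advisory; the function names are hypothetical and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example, not Red Hat tooling. Assumes stat -c (GNU coreutils or BusyBox).

# has_gid GID "LIST": succeed if GID is one of the space-separated ids in LIST.
# Whole-word match, so gid 10 is not mistaken for gid 0.
has_gid() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# passwd_exposure FILE "GIDS": print a finding and return 0 if FILE's mode bits
# let a non-owner holding GIDS write to it; return 1 if not, 2 on stat failure.
passwd_exposure() {
    pw_info=$(stat -c '%a %g' "$1") || return 2
    pw_mode=${pw_info% *}
    pw_gid=${pw_info#* }
    if [ $(( 0$pw_mode & 002 )) -ne 0 ]; then
        echo "$1: mode $pw_mode is world-writable"
        return 0
    fi
    if [ $(( 0$pw_mode & 020 )) -ne 0 ] && has_gid "$pw_gid" "$2"; then
        echo "$1: mode $pw_mode is writable through gid $pw_gid"
        return 0
    fi
    return 1
}

# uid0_accounts FILE: print every account name other than root that has UID 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Usage inside the container, as the workload user: sh audit.sh /etc/passwd
if [ $# -gt 0 ]; then
    passwd_exposure "$1" "$(id -G)" || echo "$1: not writable by this user's groups"
    extra=$(uid0_accounts "$1")
    [ -z "$extra" ] || echo "$1: unexpected UID 0 accounts: $extra"
fi
```

A finding from passwd_exposure means the image still carries the permissive mode; any name printed by uid0_accounts is an account to investigate.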

Evidence notes

CVE-2025-57849 has a CVSS score of 6.4 and is classified as MEDIUM severity. The vulnerability was published on 2026-03-13T19:53:52.313Z and modified on 2026-06-05T19:57:46.430Z.
