RedHat Multi-Cloud Object Gateway Core PrivEsc via /etc/passwd
CVE-2025-8766 Published on March 13, 2026
Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
Vulnerability Analysis
CVE-2025-8766 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Reported to Red Hat.
Made public. 217 days later.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2025-8766
Want to know whenever a new CVE is published for Red Hat Openshift Data Foundation? stack.watch will email you.
Affected Versions
Red Hat Openshift Data Foundation 4.22:- Version 1782932114 and below * is unaffected.
- Version 1782931768 and below * is unaffected.
- Version 1782932104 and below * is unaffected.
- Version 1783536000 and below * is unaffected.
- Version 1783535989 and below * is unaffected.
- Version 1783536515 and below * is unaffected.
- Version 1782932521 and below * is unaffected.
- Version 1783018461 and below * is unaffected.
- Version 1783018421 and below * is unaffected.
- Version 1782932812 and below * is unaffected.
- Version 1783537001 and below * is unaffected.
- Version 1782932919 and below * is unaffected.
- Version 1783537586 and below * is unaffected.
- Version 1782932969 and below * is unaffected.
- Version 1782933015 and below * is unaffected.
- Version 1782933042 and below * is unaffected.
- Version 1783537392 and below * is unaffected.
- Version 1782933235 and below * is unaffected.
- Version 1782933251 and below * is unaffected.
- Version 1783537955 and below * is unaffected.
- Version 1782933417 and below * is unaffected.
- Version 1783537742 and below * is unaffected.
- Version 1782933602 and below * is unaffected.
- Version 1783019377 and below * is unaffected.
- Version 1782934054 and below * is unaffected.
- Version 1782934036 and below * is unaffected.
- Version 1782934284 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.