CVE-2025-57848

Name of the Vulnerable Software and Affected Versions Container-native Virtualization (affected versions not specified)

Description A flaw exists that allows for privilege escalation within containers. The issue arises from the /etc/passwd file being created with group-writable permissions during the image build process. An attacker with the ability to execute commands inside an affected container, even without root privileges, can exploit their root group membership to modify the /etc/passwd file. This modification can involve adding a new user with an arbitrary UID, potentially including UID 0, which grants full root access within the container.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.