CVE-2025-8766

Name of the Vulnerable Software and Affected Versions Multi-Cloud Object Gateway Core (affected versions not specified)

Description A container privilege escalation flaw exists in certain Multi-Cloud Object Gateway Core images. The issue originates from the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the ability to execute commands within an affected container, even as a non-root user, can exploit their root group membership to modify the /etc/passwd file. This allows the attacker to add a new user with an arbitrary UID, potentially including UID 0, resulting in full root privileges within the container.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.