CVE-2025-57851

Name of the Vulnerable Software and Affected Versions Multicluster Engine for Kubernetes (affected versions not specified)

Description A container privilege escalation flaw exists in certain Multicluster Engine for Kubernetes images. The issue arises from the /etc/passwd file being created with group-writable permissions during the build process. An attacker executing commands within an affected container, even as a non-root user, can exploit their root group membership to modify the /etc/passwd file. This allows the attacker to add a new user with an arbitrary UID, including UID 0, potentially granting full root privileges within the container.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.