CVE-2025-7195

CVSS v3 5.2 MEDIUM

5.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

arly versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

References

Link	Resource
https://access.redhat.com/errata/RHEA-2025:23406
https://access.redhat.com/errata/RHEA-2025:23478
https://access.redhat.com/errata/RHEA-2026:0129
https://access.redhat.com/errata/RHSA-2025:19332
https://access.redhat.com/errata/RHSA-2025:19335
https://access.redhat.com/errata/RHSA-2025:19958
https://access.redhat.com/errata/RHSA-2025:19961
https://access.redhat.com/errata/RHSA-2025:21368
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:22415
https://access.redhat.com/errata/RHSA-2025:22416
https://access.redhat.com/errata/RHSA-2025:22418
https://access.redhat.com/errata/RHSA-2025:22420
https://access.redhat.com/errata/RHSA-2025:22683
https://access.redhat.com/errata/RHSA-2025:22684
https://access.redhat.com/errata/RHSA-2025:23528
https://access.redhat.com/errata/RHSA-2025:23529
https://access.redhat.com/errata/RHSA-2025:23542
https://access.redhat.com/errata/RHSA-2026:0627
https://access.redhat.com/errata/RHSA-2026:0718
https://access.redhat.com/errata/RHSA-2026:0722
https://access.redhat.com/errata/RHSA-2026:0737
https://access.redhat.com/errata/RHSA-2026:2572
https://access.redhat.com/security/cve/CVE-2025-7195
https://bugzilla.redhat.com/show_bug.cgi?id=2376300

Configurations

No configuration.

History

11 Feb 2026, 17:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:2572 -

16 Jan 2026, 00:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0737 -

15 Jan 2026, 22:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0722 -

15 Jan 2026, 17:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0718 -

14 Jan 2026, 22:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0627 -

09 Jan 2026, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHEA-2025:23406 - () https://access.redhat.com/errata/RHEA-2026:0129 -

06 Jan 2026, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHEA-2025:23478 -

17 Dec 2025, 21:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:23528 - () https://access.redhat.com/errata/RHSA-2025:23529 - () https://access.redhat.com/errata/RHSA-2025:23542 -

04 Dec 2025, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:22684 -

03 Dec 2025, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:22683 -

01 Dec 2025, 13:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:22415 - () https://access.redhat.com/errata/RHSA-2025:22418 - () https://access.redhat.com/errata/RHSA-2025:22420 -

01 Dec 2025, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:22416 -

20 Nov 2025, 21:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:21885 -

13 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:21368 -

10 Nov 2025, 02:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19958 - () https://access.redhat.com/errata/RHSA-2025:19961 -

07 Nov 2025, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19332 -

30 Oct 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19335 -

08 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-07 19:15

Updated : 2026-02-11 17:16

NVD link : CVE-2025-7195

Mitre link : CVE-2025-7195

CVE.ORG link : CVE-2025-7195

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

5.2 /10