{"id":"CVE-2025-7195","summary":"Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd","details":"Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.","aliases":["GHSA-856v-8qm2-9wjv","GO-2025-3852"],"modified":"2026-07-08T08:06:53.551539591Z","published":"2025-08-07T19:05:08.756Z","related":["SUSE-SU-2025:02912-1","openSUSE-SU-2025:15434-1"],"database_specific":{"cwe_ids":["CWE-276"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7195.json","cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://catalog.redhat.com/software/containers/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2025:23406"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2025:23478"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2026:0129"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19332"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19335"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19958"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19961"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21368"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22415"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22416"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22418"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22420"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22683"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22684"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:23528"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:23529"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:23542"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0627"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0718"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0722"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0737"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:2572"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:5633"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-7195"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7195.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7195"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376300"},{"type":"PACKAGE","url":"https://github.com/operator-framework/operator-sdk"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/operator-framework/operator-sdk","events":[{"introduced":"0"},{"fixed":"ffaf278993c8fcb00c6f527c9f20091eb8dd3352"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.15.2"}],"source":"AFFECTED_FIELD"}}],"versions":["v0.15.1","v0.15.0","v0.14.0","v0.13.0","v0.12.0","v0.11.0","v0.10.0","v0.9.0","v0.8.0","v0.7.0","v0.5.0","v0.6.0","v0.4.0","v0.3.0","v0.2.0","v0.1.0","v0.0.6","v0.0.5","v0.0.4","v0.0.3","v0.0.2","v0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}