CVE-2025-7195

MEDIUM

Operator-framework Operator-sdk - Incorrect Default Permissions


Description

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
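As an added example (not part of the advisory or of Operator-SDK), the following POSIX shell snippet audits a container image's /etc/passwd for the condition described above: a group-writable mode combined with group ownership of root (gid 0). The `stat -c` flags assume GNU coreutils, as found in most Linux base images; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): detect the CWE-276 condition in
# CVE-2025-7195 -- /etc/passwd group-writable and owned by group root (gid 0).

# Pure check on an octal mode string (e.g. "664" or "0664") and a numeric gid.
# Returns 0 (shell true) when the combination is the weak one, 1 otherwise.
passwd_perms_weak() {
    mode="$1"
    gid="$2"
    # Take the group permission digit: strip the last (other) digit, then keep
    # the last remaining character. Works for 3- and 4-digit octal modes.
    tmp="${mode%?}"
    gperm="${tmp#"${tmp%?}"}"
    case "$gperm" in
        2|3|6|7) group_writable=1 ;;   # write bit (2) is set in 2,3,6,7
        *)       group_writable=0 ;;
    esac
    [ "$group_writable" -eq 1 ] && [ "$gid" -eq 0 ]
}

# Wrapper that reads mode and gid from a real file (default /etc/passwd).
# Exit 0 = OK, 1 = weak permissions found, 2 = file missing.
check_passwd_perms() {
    f="${1:-/etc/passwd}"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    mode="$(stat -c '%a' "$f")"   # GNU stat: %a = octal mode, %g = numeric gid
    gid="$(stat -c '%g' "$f")"
    if passwd_perms_weak "$mode" "$gid"; then
        echo "WEAK: $f mode=$mode gid=$gid (group-writable, root group)"
        return 1
    fi
    echo "OK: $f mode=$mode gid=$gid"
    return 0
}

# Run inside the image under review, e.g. via `docker run --rm <image> sh -c ...`.
# check_passwd_perms
```

Run the check inside each built image rather than on the build host; the weak permissions are created at image build time by the old `user_setup` script, so only the image's own /etc/passwd reflects them.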

Scores

CVSS v3 6.4
EPSS 0.0001
EPSS Percentile 0.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-276
Status published
Products (50)
operator-framework/operator-sdk < 0.15.2
operator-framework/operator-sdk 0 - 0.15.2 (Go)
Red Hat/Compliance Operator 1 sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02
Red Hat/Compliance Operator 1 sha256:0deacfbd0d55638fb334e2435007586fcfd3a08328c3a7c9b2908bb0cab759c2
Red Hat/Compliance Operator 1 sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf
Red Hat/Compliance Operator 1 sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83
Red Hat/Compliance Operator 1 sha256:74010cf229f6fa17a927e56f63db06f9fe4ce61dce5e8bece77d05a082c49e3b
Red Hat/Compliance Operator 1 sha256:9bc1fca7173d0080640ff9900d362512e480012a616922f4763e8e6becd8f520
Red Hat/Compliance Operator 1 sha256:e043fdf674a120f56d62a0c6ff2b91bc8c61875d5ce371abc3540714928e0528
Red Hat/Compliance Operator 1 sha256:eaddf506bddce47e0ea3fc4e5e827533a7349d228964dfbc919044f8e7f7108d
... and 40 more
Published Aug 07, 2025
Tracked Since Feb 18, 2026