216.73.216.133

CVE-2025-3528

· Published 09/05/2025 12:15 · Modified 09/05/2025 12:15

Labels: CVE-2025-3528 2025-05-09CVE-2025-3528CWE-276[email protected]

Essential information

Published
09/05/2025 12:15
Modified
09/05/2025 12:15
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
redhat / quay-app cpe:2.3:a:redhat:quay-app:*:*:*:*:*:openshift:*:*
redhat / mirror registry cpe:2.3:a:redhat:mirror_registry:*:*:*:*:*:*:*:*

References