A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
CVE-2025-8766
Score 6.4 from GitHub Security Advisory published 2026-03-13. the CNA's CVSS baseline 6.4; sources differ by 0.0.
- Lower severity and no public exploit yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 6.4
- EG Score
- 6.4(medium)
- EPSS
- 6.1%
- KEV
- Not listed
Published
March 13, 2026
Last Modified
July 10, 2026
Advisory Details (3)
Auto-updated Jul 9, 20262387265 – (CVE-2025-8766) CVE-2025-8766 noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
https://bugzilla.redhat.com/show_bug.cgi?id=2387265Vendor Advisories for CVE-2025-8766(2)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:37387Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update
- GHSA-fmgm-mwqg-8w89GitHub Security AdvisoriesMedium
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images...
Frequently asked(5)
What is CVE-2025-8766?
When was CVE-2025-8766 disclosed?
Is CVE-2025-8766 actively exploited?
What is the CVSS score of CVE-2025-8766?
How do I remediate CVE-2025-8766?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2025-8766
Is Your Infrastructure Affected by CVE-2025-8766?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.