Security Advisory

CVE-2025-3528

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-09 11:58:24

Last updated 2026-02-27 16:29:37

Assigner redhat

State PUBLISHED

Description

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

← Browse all CVEs View on cve.org ↗