CVE-2025-3528 · HIGH 8.2 · EPSS p8.3%

Description

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.19% probability of exploitation · percentile 8.3% · 2026-06-19T12:03:05Z
Published: 2025-05-09
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-276

References

  1. https://access.redhat.com/errata/RHBA-2025:9645
  2. https://access.redhat.com/security/cve/CVE-2025-3528
  3. https://bugzilla.redhat.com/show_bug.cgi?id=2359143

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Default Permissions (cwe-276) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-8766
  2. CVE-2025-57849
  3. CVE-2025-13888
  4. CVE-2026-32589
  5. CVE-2026-7374
  6. CVE-2025-10725

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.