{
  "threat_severity" : "Important",
  "public_date" : "2024-04-11T00:00:00Z",
  "bugzilla" : {
    "description" : "mirror-registry: Local privilege escalation due to incorrect permissions in mirror-registry",
    "id" : "2359143",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2359143"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-276",
  "details" : [ "A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.", "A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod." ],
  "statement" : "This issue was classified with and Important severity according to the severity ratings described at https://access.redhat.com/security/updates/classification. This rating was given because the attacker, when a successfully attack is performed, can  elevate its privilege to the root user.",
  "acknowledgement" : "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "MIRROR-REGISTRY-2.0-RHEL-8",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHBA-2025:9645",
    "cpe" : "cpe:/a:redhat:mirror_registry:2.0.0::el8",
    "package" : "openshift/mirror-registry-rhel8:v2.0.7-9"
  } ],
  "package_state" : [ {
    "product_name" : "mirror registry for Red Hat OpenShift",
    "fix_state" : "Affected",
    "package_name" : "mirror-registry-container",
    "cpe" : "cpe:/a:redhat:mirror_registry:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-3528\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3528" ],
  "name" : "CVE-2025-3528",
  "mitigation" : {
    "value" : "This issue can be mitigated by setting this line in each mirror registry systemd configurations:\n--security-opt=no-new-privileges\nThis would prevent any privilege escalation until the issue is fixed.",
    "lang" : "en:us"
  },
  "csaw" : false
}