cvelistv5 - cve-2025-58712

CVE-2025-58712 (GCVE-0-2025-58712)

Vulnerability from cvelistv5

Published

2025-10-22 18:19

Modified

2025-10-22 18:44

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

CWE

CWE-276 - Incorrect Default Permissions

Summary

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

References

URL

Tags

	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:17562
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-58712
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2394418

Impacted products

Vendor

Product

Version

Red Hat

RHEL-9 based Middleware Containers

Unaffected: 7.13.2-1 < *
cpe:/a:redhat:rhosemc:1.0::el9

Red Hat	RHEL-9 based Middleware Containers	Unaffected: 7.13.2-1 < * cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	RHEL-9 based Middleware Containers	Unaffected: 7.13.2-1 < * cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	RHEL-9 based Middleware Containers	Unaffected: 7.13.2-1 < * cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	RHEL-9 based Middleware Containers	Unaffected: 7.13.2-1 < * cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	RHEL-9 based Middleware Containers	Unaffected: 7.13.2-1 < * cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58712",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T18:25:27.188744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T18:37:06.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-init-rhel9",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel9",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel9-operator",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel9-operator-bundle",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7-tech-preview/amq-broker-console-plugin-rhel9",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9",
          "product": "RHEL-9 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "affected",
          "packageName": "amq-broker-init-rhel8",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "affected",
          "packageName": "amq-broker-init-rhel9",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "affected",
          "packageName": "amq-broker-rhel8",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "affected",
          "packageName": "amq-broker-rhel9",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
        }
      ],
      "datePublic": "2025-10-07T14:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T18:44:00.684Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:17562",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17562"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-58712"
        },
        {
          "name": "RHBZ#2394418",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-10T17:28:57.860000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-07T14:26:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Amq: privilege escalation via excessive /etc/passwd permissions",
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-58712",
    "datePublished": "2025-10-22T18:19:06.763Z",
    "dateReserved": "2025-09-03T15:20:52.036Z",
    "dateUpdated": "2025-10-22T18:44:00.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-58712\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-10-22T19:15:34.270\",\"lastModified\":\"2025-10-22T21:12:32.330\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:17562\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-58712\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2394418\",\"source\":\"secalert@redhat.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58712\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-22T18:25:27.188744Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-22T18:36:57.927Z\"}}], \"cna\": {\"title\": \"Amq: privilege escalation via excessive /etc/passwd permissions\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-init-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel9-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7-tech-preview/amq-broker-console-plugin-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-9 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.13.2-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7-tech-preview/amq-broker-jolokia-api-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"packageName\": \"amq-broker-init-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"packageName\": \"amq-broker-init-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"packageName\": \"amq-broker-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"packageName\": \"amq-broker-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-09-10T17:28:57.860000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-10-07T14:26:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-10-07T14:26:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:17562\", \"name\": \"RHSA-2025:17562\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-58712\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2394418\", \"name\": \"RHBZ#2394418\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-10-22T18:44:00.684Z\"}, \"x_redhatCweChain\": \"CWE-276: Incorrect Default Permissions\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-58712\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T18:44:00.684Z\", \"dateReserved\": \"2025-09-03T15:20:52.036Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-10-22T18:19:06.763Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-r36m-fwrr-9f4g

Vulnerability from github

Published

2025-10-22 21:31

Modified

2025-10-22 21:31

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-58712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T19:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
  "id": "GHSA-r36m-fwrr-9f4g",
  "modified": "2025-10-22T21:31:33Z",
  "published": "2025-10-22T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58712"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:17562"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-58712"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

rhsa-2025:17562

Vulnerability from csaf_redhat

Published

2025-10-08 14:38

Modified

2025-10-23 04:50

Summary

Red Hat Security Advisory: AMQ Broker 7.13.2.OPR.1.GA Container Images release and security update

Notes

Topic

This is the multiarch release of the AMQ Broker 7.13.2 aligned Operator and associated container images on Red Hat Enterprise Linux for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments. This release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * (CVE-2025-58712) amq-broker-init-rhel9: privilege escalation via excessive /etc/passwd permissions * (CVE-2025-58712) amq-broker-rhel9: privilege escalation via excessive /etc/passwd permissions For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "This is the multiarch release of the AMQ Broker 7.13.2 aligned Operator and associated container images on Red Hat Enterprise Linux for the OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.\n\nThis release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-58712) amq-broker-init-rhel9: privilege escalation via excessive /etc/passwd permissions\n* (CVE-2025-58712) amq-broker-rhel9: privilege escalation via excessive /etc/passwd permissions\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:17562",
        "url": "https://access.redhat.com/errata/RHSA-2025:17562"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification#moderate",
        "url": "https://access.redhat.com/security/updates/classification#moderate"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/",
        "url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/"
      },
      {
        "category": "external",
        "summary": "2394418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17562.json"
      }
    ],
    "title": "Red Hat Security Advisory: AMQ Broker 7.13.2.OPR.1.GA Container Images release and security update",
    "tracking": {
      "current_release_date": "2025-10-23T04:50:31+00:00",
      "generator": {
        "date": "2025-10-23T04:50:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:17562",
      "initial_release_date": "2025-10-08T14:38:05+00:00",
      "revision_history": [
        {
          "date": "2025-10-08T14:38:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-08T14:38:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-23T04:50:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for Openshift",
                "product": {
                  "name": "Middleware Containers for Openshift",
                  "product_id": "9Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
                "product": {
                  "name": "amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
                  "product_id": "amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
                  "product_id": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-jolokia-api-server-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
                "product": {
                  "name": "amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
                  "product_id": "amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
                "product": {
                  "name": "amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
                  "product_id": "amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9-operator\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
                  "product_id": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-console-plugin-rhel9\u0026tag=7.13.2-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
                "product": {
                  "name": "amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
                  "product_id": "amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
                  "product_id": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743?arch=amd64\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-jolokia-api-server-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64",
                "product": {
                  "name": "amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64",
                  "product_id": "amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
                "product": {
                  "name": "amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
                  "product_id": "amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9-operator-bundle\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
                "product": {
                  "name": "amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
                  "product_id": "amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9-operator\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
                  "product_id": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c?arch=amd64\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-console-plugin-rhel9\u0026tag=7.13.2-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
                "product": {
                  "name": "amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
                  "product_id": "amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
                  "product_id": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660?arch=arm64\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-jolokia-api-server-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
                "product": {
                  "name": "amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
                  "product_id": "amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
                "product": {
                  "name": "amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
                  "product_id": "amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9-operator\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
                  "product_id": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721?arch=arm64\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-console-plugin-rhel9\u0026tag=7.13.2-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
                "product": {
                  "name": "amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
                  "product_id": "amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
                  "product_id": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8?arch=s390x\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-jolokia-api-server-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
                "product": {
                  "name": "amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
                  "product_id": "amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
                "product": {
                  "name": "amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
                  "product_id": "amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel9-operator\u0026tag=7.13.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
                "product": {
                  "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
                  "product_id": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004?arch=s390x\u0026repository_url=registry.redhat.io/amq7-tech-preview/amq-broker-console-plugin-rhel9\u0026tag=7.13.2-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64"
        },
        "product_reference": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64"
        },
        "product_reference": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x"
        },
        "product_reference": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le"
        },
        "product_reference": "amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x"
        },
        "product_reference": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64"
        },
        "product_reference": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64"
        },
        "product_reference": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le"
        },
        "product_reference": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64"
        },
        "product_reference": "amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x"
        },
        "product_reference": "amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le"
        },
        "product_reference": "amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64"
        },
        "product_reference": "amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64"
        },
        "product_reference": "amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64"
        },
        "product_reference": "amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x"
        },
        "product_reference": "amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le"
        },
        "product_reference": "amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64"
        },
        "product_reference": "amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x"
        },
        "product_reference": "amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le"
        },
        "product_reference": "amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64"
        },
        "product_reference": "amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64 as a component of Middleware Containers for Openshift",
          "product_id": "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64"
        },
        "product_reference": "amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64",
        "relates_to_product_reference": "9Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Antony Di Scala",
            "Mike Whale"
          ]
        }
      ],
      "cve": "CVE-2025-58712",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "discovery_date": "2025-09-10T17:28:57.860000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2394418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "amq: privilege escalation via excessive /etc/passwd permissions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
          "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
          "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
          "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
          "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
          "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58712"
        },
        {
          "category": "external",
          "summary": "RHBZ#2394418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58712"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58712",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58712"
        }
      ],
      "release_date": "2025-10-07T14:26:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-08T14:38:05+00:00",
          "details": "To update to the latest image please refer to the AMQ container images in the Red Hat Container catalog.",
          "product_ids": [
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:17562"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c_amd64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721_arm64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004_s390x",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2_ppc64le",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8_s390x",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660_arm64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743_amd64",
            "9Base-RHOSE-Middleware:amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b_amd64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427_s390x",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840_ppc64le",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87_arm64",
            "9Base-RHOSE-Middleware:amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "amq: privilege escalation via excessive /etc/passwd permissions"
    }
  ]
}

fkie_cve-2025-58712

Vulnerability from fkie_nvd

Published

2025-10-22 19:15

Modified

2025-10-22 21:12

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:17562
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-58712
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2394418

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
    }
  ],
  "id": "CVE-2025-58712",
  "lastModified": "2025-10-22T21:12:32.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.7,
        "source": "secalert@redhat.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-10-22T19:15:34.270",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:17562"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-58712"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-58712 (GCVE-0-2025-58712)

Vulnerability from cvelistv5

ghsa-r36m-fwrr-9f4g

Vulnerability from github

rhsa-2025:17562

Vulnerability from csaf_redhat

fkie_cve-2025-58712

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature