Vulnerability-Lookup

WID-SEC-W-2026-1033

Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-04-08 22:00

Summary

Verschiedene Red Hat Produkte: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows. Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud. Red Hat Process Automation Manager ist eine Plattform zur Entwicklung von containerisierten Microservices und Anwendungen, die Geschäftsentscheidungen und -prozesse automatisieren.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in mehreren Red Hat-Produkten ausnutzen, um Administratorrechte zu erlangen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2025-57847

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Ansible Automation Platform Red Hat	`cpe:/a:redhat:ansible_automation_platform:-`	—
Red Hat Enterprise Linux Multicluster Engine for Kubernetes Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes`	Multicluster Engine for Kubernetes
Red Hat Process Automation Manager Red Hat	`cpe:/a:redhat:process_automation_manager:-`	—
Red Hat Enterprise Linux Web Terminal Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:web_terminal`	Web Terminal
Red Hat OpenShift Update Service Red Hat / OpenShift	`cpe:/a:redhat:openshift:update_service`	Update Service

CVE-2025-57851

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Ansible Automation Platform Red Hat	`cpe:/a:redhat:ansible_automation_platform:-`	—
Red Hat Enterprise Linux Multicluster Engine for Kubernetes Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes`	Multicluster Engine for Kubernetes
Red Hat Process Automation Manager Red Hat	`cpe:/a:redhat:process_automation_manager:-`	—
Red Hat Enterprise Linux Web Terminal Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:web_terminal`	Web Terminal
Red Hat OpenShift Update Service Red Hat / OpenShift	`cpe:/a:redhat:openshift:update_service`	Update Service

CVE-2025-57853

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Ansible Automation Platform Red Hat	`cpe:/a:redhat:ansible_automation_platform:-`	—
Red Hat Enterprise Linux Multicluster Engine for Kubernetes Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes`	Multicluster Engine for Kubernetes
Red Hat Process Automation Manager Red Hat	`cpe:/a:redhat:process_automation_manager:-`	—
Red Hat Enterprise Linux Web Terminal Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:web_terminal`	Web Terminal
Red Hat OpenShift Update Service Red Hat / OpenShift	`cpe:/a:redhat:openshift:update_service`	Update Service

CVE-2025-57854

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Ansible Automation Platform Red Hat	`cpe:/a:redhat:ansible_automation_platform:-`	—
Red Hat Enterprise Linux Multicluster Engine for Kubernetes Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes`	Multicluster Engine for Kubernetes
Red Hat Process Automation Manager Red Hat	`cpe:/a:redhat:process_automation_manager:-`	—
Red Hat Enterprise Linux Web Terminal Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:web_terminal`	Web Terminal
Red Hat OpenShift Update Service Red Hat / OpenShift	`cpe:/a:redhat:openshift:update_service`	Update Service

CVE-2025-58713

Affected products

Known affected 5 products

Product	Identifier	Version
Red Hat Ansible Automation Platform Red Hat	`cpe:/a:redhat:ansible_automation_platform:-`	—
Red Hat Enterprise Linux Multicluster Engine for Kubernetes Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes`	Multicluster Engine for Kubernetes
Red Hat Process Automation Manager Red Hat	`cpe:/a:redhat:process_automation_manager:-`	—
Red Hat Enterprise Linux Web Terminal Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:web_terminal`	Web Terminal
Red Hat OpenShift Update Service Red Hat / OpenShift	`cpe:/a:redhat:openshift:update_service`	Update Service

References

12 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/security/cve/cve-2025-57847	external
https://bugzilla.redhat.com/show_bug.cgi?id=2391092	external
https://access.redhat.com/security/cve/CVE-2025-57851	external
https://bugzilla.redhat.com/show_bug.cgi?id=2391104	external
https://access.redhat.com/security/cve/CVE-2025-57853	external
https://bugzilla.redhat.com/show_bug.cgi?id=2391106	external
https://access.redhat.com/security/cve/CVE-2025-57854	external
https://bugzilla.redhat.com/show_bug.cgi?id=2391107	external
https://access.redhat.com/security/cve/CVE-2025-58713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2394419	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nRed Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.\r\nRed Hat Process Automation Manager ist eine Plattform zur Entwicklung von containerisierten Microservices und Anwendungen, die Gesch\u00e4ftsentscheidungen und -prozesse automatisieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in mehreren Red Hat-Produkten ausnutzen, um Administratorrechte zu erlangen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1033 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1033.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1033 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1033"
      },
      {
        "category": "external",
        "summary": "Red Hat Customer Portal CVE-2025-57847 vom 2026-04-08",
        "url": "https://access.redhat.com/security/cve/cve-2025-57847"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2391092 vom 2026-04-08",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
      },
      {
        "category": "external",
        "summary": "Red Hat Customer Portal CVE-2025-57851 vom 2026-04-08",
        "url": "https://access.redhat.com/security/cve/CVE-2025-57851"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2391104 vom 2026-04-08",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391104"
      },
      {
        "category": "external",
        "summary": "Red Hat Customer Portal CVE-2025-57853 vom 2026-04-08",
        "url": "https://access.redhat.com/security/cve/CVE-2025-57853"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2391106 vom 2026-04-08",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391106"
      },
      {
        "category": "external",
        "summary": "Red Hat Customer Portal CVE-2025-57854 vom 2026-04-08",
        "url": "https://access.redhat.com/security/cve/CVE-2025-57854"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2391107 vom 2026-04-08",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107"
      },
      {
        "category": "external",
        "summary": "Red Hat Customer Portal CVE-2025-58713 vom 2026-04-08",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58713"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2394419 vom 2026-04-08",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394419"
      }
    ],
    "source_lang": "en-US",
    "title": "Verschiedene Red Hat Produkte: Mehrere Schwachstellen erm\u00f6glichen Erlangen von Administratorrechten",
    "tracking": {
      "current_release_date": "2026-04-08T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-09T11:10:19.504+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1033",
      "initial_release_date": "2026-04-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Ansible Automation Platform",
            "product": {
              "name": "Red Hat Ansible Automation Platform",
              "product_id": "T052593",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:ansible_automation_platform:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Multicluster Engine for Kubernetes",
                "product": {
                  "name": "Red Hat Enterprise Linux Multicluster Engine for Kubernetes",
                  "product_id": "T052594",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:multicluster_engine_for_kubernetes"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Web Terminal",
                "product": {
                  "name": "Red Hat Enterprise Linux Web Terminal",
                  "product_id": "T052595",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:web_terminal"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Update Service",
                "product": {
                  "name": "Red Hat OpenShift Update Service",
                  "product_id": "T052596",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:update_service"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          },
          {
            "category": "product_name",
            "name": "Red Hat Process Automation Manager",
            "product": {
              "name": "Red Hat Process Automation Manager",
              "product_id": "T052597",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:process_automation_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-57847",
      "product_status": {
        "known_affected": [
          "T052593",
          "T052594",
          "T052597",
          "T052595",
          "T052596"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-57847"
    },
    {
      "cve": "CVE-2025-57851",
      "product_status": {
        "known_affected": [
          "T052593",
          "T052594",
          "T052597",
          "T052595",
          "T052596"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-57851"
    },
    {
      "cve": "CVE-2025-57853",
      "product_status": {
        "known_affected": [
          "T052593",
          "T052594",
          "T052597",
          "T052595",
          "T052596"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-57853"
    },
    {
      "cve": "CVE-2025-57854",
      "product_status": {
        "known_affected": [
          "T052593",
          "T052594",
          "T052597",
          "T052595",
          "T052596"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-57854"
    },
    {
      "cve": "CVE-2025-58713",
      "product_status": {
        "known_affected": [
          "T052593",
          "T052594",
          "T052597",
          "T052595",
          "T052596"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-58713"
    }
  ]
}

CVE-2025-57847 (GCVE-0-2025-57847)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:13

Title

Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions

Summary

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-57847	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2391092	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2

Date Public

2026-04-08 13:47

Credits

Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T15:42:54.958669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T16:13:23.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/controller-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ansible-automation-platform/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:47:09.259Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:00.729Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57847"
        },
        {
          "name": "RHBZ#2391092",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T17:29:34.376Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:47:09.259Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57847",
    "datePublished": "2026-04-08T13:55:00.729Z",
    "dateReserved": "2025-08-21T14:40:40.821Z",
    "dateUpdated": "2026-04-08T16:13:23.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57851 (GCVE-0-2025-57851)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-05-01 20:44

Title

Mce: privilege escalation via excessive /etc/passwd permissions

Summary

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-57851	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2391104	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine

Date Public

2026-04-08 13:45

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57851",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T15:18:31.297261Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T15:18:38.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "affected",
          "packageName": "multicluster-engine/agent-service-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "affected",
          "packageName": "multicluster-engine/assisted-service-8-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "affected",
          "packageName": "multicluster-engine/assisted-service-9-rhel9",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:45:54.565Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T20:44:04.799Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57851"
        },
        {
          "name": "RHBZ#2391104",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391104"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T18:44:31.833Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:45:54.565Z",
          "value": "Made public."
        }
      ],
      "title": "Mce: privilege escalation via excessive /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57851",
    "datePublished": "2026-04-08T13:55:00.925Z",
    "dateReserved": "2025-08-21T14:40:40.822Z",
    "dateUpdated": "2026-05-01T20:44:04.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57853 (GCVE-0-2025-57853)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:06

Title

Web-terminal: privilege escalation via excessive /etc/passwd permissions

Summary

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-57853	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2391106	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Red Hat Web Terminal	cpe:/a:redhat:webterminal:1

Date Public

2026-04-08 13:45

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T16:06:12.221957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T16:06:20.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:45:39.234Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:06.787Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57853"
        },
        {
          "name": "RHBZ#2391106",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391106"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T18:47:53.227Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:45:39.234Z",
          "value": "Made public."
        }
      ],
      "title": "Web-terminal: privilege escalation via excessive /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57853",
    "datePublished": "2026-04-08T13:55:06.787Z",
    "dateReserved": "2025-08-21T14:40:40.822Z",
    "dateUpdated": "2026-04-08T16:06:20.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57854 (GCVE-0-2025-57854)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 14:42

Title

Osus-operator: privilege escalation via excessive /etc/passwd permissions

Summary

A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-57854	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2391107	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Red Hat OpenShift Update Service	cpe:/a:redhat:openshift_update_service:5

Date Public

2026-04-08 13:45

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T14:42:17.931810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T14:42:32.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_update_service:5"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-update-service/openshift-update-service-rhel8-operator",
          "product": "Red Hat OpenShift Update Service",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:45:19.938Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:06.739Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57854"
        },
        {
          "name": "RHBZ#2391107",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T18:49:32.486Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:45:19.938Z",
          "value": "Made public."
        }
      ],
      "title": "Osus-operator: privilege escalation via excessive /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57854",
    "datePublished": "2026-04-08T13:55:06.739Z",
    "dateReserved": "2025-08-21T14:40:40.822Z",
    "dateUpdated": "2026-04-08T14:42:32.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58713 (GCVE-0-2025-58713)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 14:28

Title

Rhpam: privilege escalation via excessive /etc/passwd permissions

Summary

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-58713	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2394419	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7

Date Public

2026-04-08 13:44

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T14:28:06.782039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T14:28:41.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-businesscentral-monitoring-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-businesscentral-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-controller-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-dashbuilder-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-kieserver-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhpam-process-migration-rhel8",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:44:47.211Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:11.428Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-58713"
        },
        {
          "name": "RHBZ#2394419",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394419"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-10T17:32:17.181Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:44:47.211Z",
          "value": "Made public."
        }
      ],
      "title": "Rhpam: privilege escalation via excessive /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-58713",
    "datePublished": "2026-04-08T13:55:11.428Z",
    "dateReserved": "2025-09-03T15:20:52.037Z",
    "dateUpdated": "2026-04-08T14:28:41.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1033

CVE-2025-57847 (GCVE-0-2025-57847)

CVE-2025-57851 (GCVE-0-2025-57851)

CVE-2025-57853 (GCVE-0-2025-57853)

CVE-2025-57854 (GCVE-0-2025-57854)

CVE-2025-58713 (GCVE-0-2025-58713)

Tags

Sightings

Nomenclature