CVE-2025-58713
Container Privilege Escalation in Red Hat Process Automation Manager
Publication date: 2026-04-08
Last updated on: 2026-05-04
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | process_automation_manager | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58713 is a privilege escalation vulnerability found in certain Red Hat Process Automation Manager container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the build process.
An attacker who can run commands inside the affected container, even if they are not root, can exploit their membership in the root group to modify the /etc/passwd file. By doing this, the attacker can add a new user with any user ID, including UID 0, which is the root user ID.
This allows the attacker to gain full root privileges within the container, effectively escalating their permissions.
How can this vulnerability impact me?
This vulnerability can allow an attacker with limited access inside a container to escalate their privileges to full root access within that container.
With root privileges, the attacker can perform any action inside the container, including modifying system files, installing malicious software, or disrupting container operations.
Such unauthorized control can lead to compromise of the container environment, potential data breaches, and disruption of services running inside the container.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the permissions of the /etc/passwd file inside the affected Red Hat Process Automation Manager container images. Specifically, verify whether /etc/passwd is group-writable, which is the root cause of the issue.
- Run the command inside the container to check the permissions of /etc/passwd: ls -l /etc/passwd
- Look for group-writable permissions indicated by a 'w' in the group section of the permission string (e.g., -rw-rw-r--).
- Check if the user executing commands inside the container is a member of the root group by running: groups
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the permissions of the /etc/passwd file inside the affected containers to remove group-writable access.
- Change the permissions of /etc/passwd to remove group write access by running: chmod 644 /etc/passwd
- Ensure that users inside the container do not have unnecessary membership in the root group.
- Apply any patches or updates provided by Red Hat for the Process Automation Manager images that address this issue.
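The checks from the detection and mitigation answers above, combined into one added POSIX shell helper that is not part of the advisory or of Red Hat's images. It goes slightly beyond the text: it tests membership in whichever group owns the file rather than the root group alone, and it treats a world-writable file as a finding too. The function names and the file-argument convention are assumptions.

```shell
#!/bin/sh
# Hypothetical audit helper, not from the advisory or Red Hat's images.
# Checks a passwd file for the CWE-276 state described above and can reset
# it to mode 644. Uses only POSIX ls/id/cut/awk, so it also runs in minimal
# container images that lack GNU stat.
# 0 if neither the group nor the world write bit is set on $1, 1 if either
# is set, 2 if the file cannot be listed. Reads positions 6 and 9 of the
# ls mode string (group 'w' and other 'w').
passwd_perms_ok() {
    m=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$m" ] || return 2
    case "$m" in
        ?????w????|????????w?) return 1 ;;
        *) return 0 ;;
    esac
}
# 0 if the current process holds the gid that owns $1 (gid 0, the root
# group, for /etc/passwd in the affected images), 1 otherwise.
in_owning_group() {
    gid=$(ls -ldn -- "$1" 2>/dev/null | awk '{print $4}')
    for g in $(id -G); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}
# Verdict for $1. Exit 1 only for the state the advisory describes: the
# file is writable by a group the caller belongs to, or by everyone.
audit_passwd() {
    f="${1:-/etc/passwd}"
    [ -e "$f" ] || { echo "ERROR: $f not found"; return 2; }
    m=$(ls -ld -- "$f" | cut -c1-10)
    if passwd_perms_ok "$f"; then
        echo "OK: $f ($m) is not group- or world-writable"; return 0
    fi
    case "$m" in
        ????????w?) echo "FINDING: $f ($m) is world-writable"; return 1 ;;
    esac
    if in_owning_group "$f"; then
        echo "FINDING: $f ($m) is group-writable and you are in its group"
        return 1
    fi
    echo "WARN: $f ($m) is group-writable by a group you are not in"
    return 0
}
# Mitigation from the advisory: drop group/world write, keep world read.
fix_passwd_perms() { chmod 644 -- "${1:-/etc/passwd}"; }
# Usage: sh audit_passwd.sh [path]; defaults to /etc/passwd.
audit_passwd "${1:-/etc/passwd}"
```

Run it inside the container as the account that normally executes commands there; exit status 1 marks the exploitable state, and fix_passwd_perms applies the chmod 644 from the mitigation answer.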