Skip to main content

Red Hat Ansible Automation Platform 2 CVE-2025-57847

| EUVDEUVD-2025-209298 MEDIUM
Incorrect Default Permissions (CWE-276)
2026-04-08 redhat GHSA-49g2-wpmf-55pv
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Red Hat
6.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 14:16 euvd
EUVD-2025-209298
Analysis Generated
Apr 08, 2026 - 14:16 vuln.today
CVE Published
Apr 08, 2026 - 13:55 nvd
MEDIUM 6.4

DescriptionCVE.org

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.

AnalysisAI

Container privilege escalation in Red Hat Ansible Automation Platform 2 allows non-root users within affected container images to gain root privileges by modifying the group-writable /etc/passwd file. During the container build process, /etc/passwd is created with overly permissive group-write permissions, enabling any user in the root group to add arbitrary entries including a UID 0 account. This vulnerability requires local container execution access and elevated group membership, but results in complete container compromise when exploited.

Technical ContextAI

The vulnerability stems from improper file permissions (CWE-276: Incorrect Default Permissions) set during container image construction in Red Hat Ansible Automation Platform 2. The /etc/passwd file, a critical authentication and identity database on Unix-like systems, is created with group-writable permissions instead of the secure default of 0644 (owner read-write, group and others read-only). When a non-root user is a member of the root group (GID 0) within the container, they can directly edit /etc/passwd to insert new user entries. By adding an entry with UID 0 and appropriate shell configuration, an attacker gains full root-level access within the container's namespace. This is a container-specific privilege escalation that exploits the container build pipeline rather than kernel or runtime vulnerabilities.

RemediationAI

Organizations should apply patched container images from Red Hat's official container registry. Red Hat's security advisory (https://access.redhat.com/security/cve/CVE-2025-57847) provides the specific patched versions and remediation guidance. As an interim workaround, container operators can manually correct /etc/passwd file permissions in existing container images by rebuilding them with corrected Dockerfile directives that explicitly set /etc/passwd to 0644 permissions (e.g., RUN chmod 644 /etc/passwd), and restrict root group membership to only necessary system accounts. All running containers based on affected images should be redeployed with patched versions.

Vendor StatusVendor

Share

CVE-2025-57847 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy