CVE-2025-57847

EUVD-2025-209298 | MEDIUM 6.4 (CVSS 3.1)
2026-04-08 | redhat | GHSA-49g2-wpmf-55pv

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 14:16 (vuln.today)
EUVD ID Assigned: Apr 08, 2026 - 14:16 (euvd) EUVD-2025-209298
CVE Published: Apr 08, 2026 - 13:55 (nvd) MEDIUM 6.4

Description

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.

Analysis

Container privilege escalation in Red Hat Ansible Automation Platform 2 allows non-root users within affected container images to gain root privileges by modifying the group-writable /etc/passwd file. During the container build process, /etc/passwd is created with overly permissive group-write permissions, enabling any user in the root group to add arbitrary entries including a UID 0 account. This vulnerability requires local container execution access and elevated group membership, but results in complete container compromise when exploited.

Technical Context

The flaw is CWE-276 (Incorrect Default Permissions): during image construction, /etc/passwd ends up group-writable (for example 0664) instead of the conventional 0644, in which only the owner, root, may write. /etc/passwd is the user account database consulted for every name-to-UID lookup, and its password field is honored directly by pam_unix whenever it is not the placeholder "x", so an attacker who can write the file needs no access to /etc/shadow. Containers built to Red Hat's OpenShift guidelines typically run the workload as an arbitrary non-root UID whose primary group is 0, precisely so that files group-owned by root can be shared with it; that convention is what turns group write on /etc/passwd into an escalation path. The attacker appends an entry with UID 0, GID 0, a shell and a password hash they chose, then switches to it with a setuid su or sudo if the image provides one, and holds root within the container. The defect is in the image build, not in the kernel or the container runtime, so this is escalation inside the container rather than an escape from it, and its real-world impact is bounded by the capabilities and seccomp profile the container was started with.

Affected Products

Red Hat Ansible Automation Platform 2 is listed with the CPE cpe:2.3:a:red_hat:red_hat_ansible_automation_platform_2:*:*:*:*:*:*:*:*, whose version field is a wildcard; that means the record does not pin affected version ranges, not that every version has been confirmed affected. The flaw lives in the container images shipped with the platform rather than in the Ansible code itself. Red Hat's advisory at https://access.redhat.com/security/cve/CVE-2025-57847 and the Bugzilla issue at https://bugzilla.redhat.com/show_bug.cgi?id=2391092 carry the per-image version information and fix status.

Remediation

Pull and deploy the patched container images from Red Hat's registry; the advisory (https://access.redhat.com/security/cve/CVE-2025-57847) lists the fixed image versions. Until a patched image is available, rebuild affected images from a Containerfile that resets the mode as its last step (RUN chmod 644 /etc/passwd) and confirm that the resulting file is mode 0644 and owned by root:root; keep /etc/group free of GID 0 members that have no reason to be there. Two caveats: removing the workload user from group 0 is usually not an option on platforms that inject an arbitrary UID with GID 0 at run time, so the file mode is the control to rely on; and a chmod applied inside a running container does not repair the image it was started from. Redeploy every running container based on an affected image once a patched one exists, and treat any /etc/passwd entry with UID 0 other than root as evidence of exploitation rather than as a configuration oddity.
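The following POSIX shell script is an added example covering both the Technical Context and the Remediation above; it is not Red Hat's tooling and does not come from this page. It checks an image or an unpacked root filesystem for the condition the advisory describes (a group- or other-writable /etc/passwd) and for the artifact exploitation leaves behind (a second UID 0 entry). It assumes GNU coreutils `stat -c` on Linux and, for `check_image`, a podman or docker CLI; the image reference and the CONTAINER_RUNTIME variable are placeholders, and the passwd lines used for the self-check are constructed.

```shell
#!/bin/sh
# Added example, not Red Hat's own tooling: audit for the CVE-2025-57847
# condition (group-writable /etc/passwd) and its post-exploitation artifact.
# Assumes GNU `stat -c` (Linux) and podman or docker for check_image.

# Return 0 if an octal mode string ("644", "0664", "4755") has neither the
# group-write nor the other-write bit set; return 1 otherwise.
passwd_mode_is_safe() {
    mode=$1
    perm=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')   # last three octal digits
    g=$(printf '%s' "$perm" | cut -c2)                       # group digit
    o=$(printf '%s' "$perm" | cut -c3)                       # other digit
    # The write permission is the 2 bit of each octal digit.
    if [ $(( g & 2 )) -ne 0 ] || [ $(( o & 2 )) -ne 0 ]; then
        return 1
    fi
    return 0
}

# Check a passwd file on the local filesystem, e.g. rootfs/etc/passwd of an
# image unpacked for inspection. Returns 0 (safe), 1 (vulnerable), 2 (no file).
check_passwd_file() {
    f=${1:-/etc/passwd}
    mode=$(stat -c '%a' "$f") || return 2
    if passwd_mode_is_safe "$mode"; then
        echo "OK: $f mode $mode"
        return 0
    fi
    echo "VULNERABLE: $f mode $mode is group/other writable (CVE-2025-57847 condition)"
    return 1
}

# Print every passwd entry other than root that carries UID 0. Output is empty
# on a clean image; the attacker-added account from the advisory shows up here.
extra_uid0_entries() {
    f=${1:-/etc/passwd}
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$f"
}

# Run both checks inside an image without modifying it.
# Usage: check_image registry.example.com/aap/image:tag   (placeholder reference)
check_image() {
    img=$1
    rt=${CONTAINER_RUNTIME:-podman}
    mode=$("$rt" run --rm --entrypoint stat "$img" -c '%a' /etc/passwd) || return 2
    extra=$("$rt" run --rm --entrypoint awk "$img" -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd)
    status=0
    if ! passwd_mode_is_safe "$mode"; then
        echo "VULNERABLE: $img /etc/passwd mode $mode"
        status=1
    fi
    if [ -n "$extra" ]; then
        echo "SUSPICIOUS: $img has non-root UID 0 entries: $extra"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $img /etc/passwd mode $mode, only root has UID 0"
    return "$status"
}
```

Run `check_image` against every image tag in the deployment before and after pulling the fixed versions; a mode of 664 (or anything else with the group- or other-write bit set) on /etc/passwd is the defect itself, while a non-empty `extra_uid0_entries` result on a running container is an incident, not a misconfiguration.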

Priority Score

32 (site scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

CVE-2025-57847 vulnerability details – vuln.today