Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
AnalysisAI
Red Hat Process Automation Manager container images allow local privilege escalation when the /etc/passwd file is created with group-writable permissions during the build process. An attacker with non-root command execution capability who is a member of the root group can modify /etc/passwd to create a new user with UID 0, gaining full root privileges within the container. This requires high privileges (membership in root group) and challenging conditions (AC:H), but affects all versions of Red Hat Process Automation 7 distributed as container images. No public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability stems from improper file permissions during container image build time, specifically CWE-276 (Incorrect Default Permissions). The /etc/passwd file, which is essential for user authentication and identity resolution in Linux systems, is created with group-writable permissions (mode allowing the owning group to modify the file). Red Hat Process Automation Manager, an enterprise process automation and business rules platform, packages its application as container images. When /etc/passwd has group-writable permissions and a user belongs to the root group (GID 0), that user can modify the file despite lacking traditional root (UID 0) privileges. This allows injection of arbitrary user entries, including entries with UID 0, effectively elevating privileges to root within the container namespace. The CPE data indicates this affects Red Hat Process Automation 7 across all versions and update streams.
RemediationAI
Rebuild Red Hat Process Automation Manager 7 container images with corrected /etc/passwd file permissions (removing group-write permissions, typically mode 0644 or 0444). Obtain the patched container images from Red Hat's container registry; consult the official security advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for specific patched image tags and versions. As an interim mitigation, restrict group membership in running containers to only necessary groups, remove users from the root group (GID 0) unless explicitly required, and enforce read-only root filesystems or immutable /etc/passwd files via container runtime policies or Kubernetes Pod Security Standards to prevent runtime modification of critical system files.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209306
GHSA-7qwf-6qxg-9cq5