Skip to main content

Red Hat EUVDEUVD-2025-209306

| CVE-2025-58713 MEDIUM
Incorrect Default Permissions (CWE-276)
2026-04-08 redhat GHSA-7qwf-6qxg-9cq5
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Red Hat
6.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 14:16 euvd
EUVD-2025-209306
Analysis Generated
Apr 08, 2026 - 14:16 vuln.today
CVE Published
Apr 08, 2026 - 13:55 nvd
MEDIUM 6.4

DescriptionCVE.org

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

AnalysisAI

Red Hat Process Automation Manager container images allow local privilege escalation when the /etc/passwd file is created with group-writable permissions during the build process. An attacker with non-root command execution capability who is a member of the root group can modify /etc/passwd to create a new user with UID 0, gaining full root privileges within the container. This requires high privileges (membership in root group) and challenging conditions (AC:H), but affects all versions of Red Hat Process Automation 7 distributed as container images. No public exploit code has been identified at the time of analysis.

Technical ContextAI

The vulnerability stems from improper file permissions during container image build time, specifically CWE-276 (Incorrect Default Permissions). The /etc/passwd file, which is essential for user authentication and identity resolution in Linux systems, is created with group-writable permissions (mode allowing the owning group to modify the file). Red Hat Process Automation Manager, an enterprise process automation and business rules platform, packages its application as container images. When /etc/passwd has group-writable permissions and a user belongs to the root group (GID 0), that user can modify the file despite lacking traditional root (UID 0) privileges. This allows injection of arbitrary user entries, including entries with UID 0, effectively elevating privileges to root within the container namespace. The CPE data indicates this affects Red Hat Process Automation 7 across all versions and update streams.

RemediationAI

Rebuild Red Hat Process Automation Manager 7 container images with corrected /etc/passwd file permissions (removing group-write permissions, typically mode 0644 or 0444). Obtain the patched container images from Red Hat's container registry; consult the official security advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for specific patched image tags and versions. As an interim mitigation, restrict group membership in running containers to only necessary groups, remove users from the root group (GID 0) unless explicitly required, and enforce read-only root filesystems or immutable /etc/passwd files via container runtime policies or Kubernetes Pod Security Standards to prevent runtime modification of critical system files.

Vendor StatusVendor

Share

EUVD-2025-209306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy