CVE-2025-58712 identifies a privilege escalation vulnerability in Red Hat RHEL-9 based middleware containers, notably certain AMQ Broker container images. The root cause is the /etc/passwd file being created with group-writable permissions during the container image build process. This misconfiguration allows any user who can execute commands inside the container and who is a member of the root group to modify the /etc/passwd file. By altering this file, the attacker can add new user entries with arbitrary user IDs, including UID 0, effectively granting themselves root privileges inside the container environment. The vulnerability requires that the attacker already have command execution capabilities within the container and be part of the root group, which implies a prerequisite level of access. The CVSS v3.1 base score is 5.2, reflecting medium severity due to the need for high privileges and local access. The impact primarily affects container confidentiality, integrity, and availability within the container boundary but does not directly escalate privileges on the host system. No public exploits have been reported, but the vulnerability highlights the risks of improper file permission settings in container images and the importance of secure container build practices.

For European organizations, this vulnerability poses a significant risk to containerized environments running Red Hat RHEL-9 based middleware containers, especially those utilizing AMQ Broker images. Exploitation could allow attackers with limited container access to escalate privileges to root within the container, potentially enabling unauthorized data access, manipulation, or disruption of containerized services. This could lead to lateral movement within internal networks if container isolation is weak or misconfigured. Organizations relying on container orchestration platforms like Kubernetes may face increased risk if compromised containers are used as footholds. The vulnerability does not directly affect the host OS but undermines container security, which is critical for multi-tenant environments and cloud deployments common in Europe. The medium severity score suggests moderate urgency, but the potential for privilege escalation inside containers necessitates prompt remediation to maintain compliance with European data protection regulations and cybersecurity standards.

European organizations should immediately audit their Red Hat RHEL-9 based middleware container images, particularly AMQ Broker images, to verify the permissions of critical files such as /etc/passwd. Containers should be rebuilt with corrected file permissions, ensuring /etc/passwd is not group-writable. Implement strict container build pipelines with automated security checks to detect improper file permissions. Limit container user group memberships to the minimum necessary, avoiding unnecessary root group membership. Employ runtime security tools to monitor and restrict unauthorized file modifications within containers. Use container security best practices such as running containers with least privilege, enabling user namespaces, and applying mandatory access controls (e.g., SELinux, AppArmor). Regularly update container images with vendor patches once available. Additionally, restrict access to container shells and command execution capabilities to trusted users only, and monitor container logs for suspicious activities indicative of privilege escalation attempts.