CVE-2025-58713: Incorrect Default Permissions in Red Hat Red Hat Process Automation 7
CVE-2025-58713 is a container privilege escalation vulnerability in certain Red Hat Process Automation Manager 7 container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the container build process. An attacker with command execution inside the container and membership in the root group can modify /etc/passwd to add a user with arbitrary UID, including UID 0, thereby gaining root privileges within the container.
AI Analysis
Technical Summary
This vulnerability involves incorrect default permissions on the /etc/passwd file in some Red Hat Process Automation Manager 7 container images. Specifically, the file is group-writable, allowing users in the root group who can execute commands inside the container to alter /etc/passwd. By adding a new user with UID 0, an attacker can escalate privileges to root within the container environment. The CVSS 3.1 score is 6.4 (medium severity), reflecting the requirement for high privileges (root group membership) and local access to the container.
Potential Impact
Successful exploitation allows an attacker with existing command execution and root group membership inside the container to escalate privileges to full root within that container. This could lead to unauthorized administrative control over the containerized environment. There is no indication of impact beyond the container boundary or on the host system. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for current remediation guidance. Until an official fix is available, restrict membership in the root group within containers and avoid running untrusted code with such privileges. Review container build processes to ensure /etc/passwd permissions are correctly set to prevent group-writable access.
CVE-2025-58713: Incorrect Default Permissions in Red Hat Red Hat Process Automation 7
Description
CVE-2025-58713 is a container privilege escalation vulnerability in certain Red Hat Process Automation Manager 7 container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the container build process. An attacker with command execution inside the container and membership in the root group can modify /etc/passwd to add a user with arbitrary UID, including UID 0, thereby gaining root privileges within the container.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves incorrect default permissions on the /etc/passwd file in some Red Hat Process Automation Manager 7 container images. Specifically, the file is group-writable, allowing users in the root group who can execute commands inside the container to alter /etc/passwd. By adding a new user with UID 0, an attacker can escalate privileges to root within the container environment. The CVSS 3.1 score is 6.4 (medium severity), reflecting the requirement for high privileges (root group membership) and local access to the container.
Potential Impact
Successful exploitation allows an attacker with existing command execution and root group membership inside the container to escalate privileges to full root within that container. This could lead to unauthorized administrative control over the containerized environment. There is no indication of impact beyond the container boundary or on the host system. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for current remediation guidance. Until an official fix is available, restrict membership in the root group within containers and avoid running untrusted code with such privileges. Review container build processes to ensure /etc/passwd permissions are correctly set to prevent group-writable access.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-09-03T15:20:52.037Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-58713","vendor":"Red Hat"}]
Threat ID: 69d664421cc7ad14da7c09be
Added to database: 4/8/2026, 2:20:50 PM
Last enriched: 4/15/2026, 3:57:04 PM
Last updated: 5/23/2026, 10:56:37 PM
Views: 64
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.