CVE-2025-58713: Incorrect Default Permissions in Red Hat Red Hat Process Automation 7
CVE-2025-58713 is a container privilege escalation vulnerability in certain Red Hat Process Automation Manager 7 container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the container build process. An attacker with command execution inside the container and membership in the root group can modify /etc/passwd to add a user with arbitrary UID, including UID 0, gaining root privileges within the container. The vulnerability has a CVSS score of 6. 4, indicating medium severity. No official patch or remediation level has been confirmed from the vendor advisory at this time.
AI Analysis
Technical Summary
This vulnerability involves incorrect default permissions on the /etc/passwd file inside specific Red Hat Process Automation Manager 7 container images. The file is group-writable, allowing users in the root group to modify it. An attacker able to execute commands in the container and belonging to the root group can exploit this to add a new user with UID 0, effectively escalating privileges to root within the container environment. The vulnerability is local (AV:L), requires high attack complexity (AC:H), and privileges (PR:H), with no user interaction needed (UI:N).
Potential Impact
Successful exploitation allows an attacker with existing command execution and root group membership inside the container to escalate privileges to root by modifying /etc/passwd. This leads to full root privileges within the container, potentially compromising container integrity and security. The impact is limited to the container environment and does not imply host-level compromise. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for current remediation guidance. Until an official fix is available, restrict container access to trusted users only and avoid granting root group membership inside containers. Review container build processes to ensure /etc/passwd permissions are correctly set to prevent group-writable access.
CVE-2025-58713: Incorrect Default Permissions in Red Hat Red Hat Process Automation 7
Description
CVE-2025-58713 is a container privilege escalation vulnerability in certain Red Hat Process Automation Manager 7 container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the container build process. An attacker with command execution inside the container and membership in the root group can modify /etc/passwd to add a user with arbitrary UID, including UID 0, gaining root privileges within the container. The vulnerability has a CVSS score of 6. 4, indicating medium severity. No official patch or remediation level has been confirmed from the vendor advisory at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves incorrect default permissions on the /etc/passwd file inside specific Red Hat Process Automation Manager 7 container images. The file is group-writable, allowing users in the root group to modify it. An attacker able to execute commands in the container and belonging to the root group can exploit this to add a new user with UID 0, effectively escalating privileges to root within the container environment. The vulnerability is local (AV:L), requires high attack complexity (AC:H), and privileges (PR:H), with no user interaction needed (UI:N).
Potential Impact
Successful exploitation allows an attacker with existing command execution and root group membership inside the container to escalate privileges to root by modifying /etc/passwd. This leads to full root privileges within the container, potentially compromising container integrity and security. The impact is limited to the container environment and does not imply host-level compromise. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-58713 for current remediation guidance. Until an official fix is available, restrict container access to trusted users only and avoid granting root group membership inside containers. Review container build processes to ensure /etc/passwd permissions are correctly set to prevent group-writable access.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-09-03T15:20:52.037Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-58713","vendor":"Red Hat"}]
Threat ID: 69d664421cc7ad14da7c09be
Added to database: 4/8/2026, 2:20:50 PM
Last enriched: 4/8/2026, 2:35:48 PM
Last updated: 4/8/2026, 3:32:24 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.