Description
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
Published: 2026-04-08
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw arises because the /etc/passwd file inside certain Red Hat Ansible Automation Platform 2 container images is created with group‑writable permissions during build. When an attacker can execute commands inside the container, even as a non‑root user, and is a member of the root group, the attacker can modify the passwd file. By adding a new entry with an arbitrary UID, including UID 0, the attacker gains full root privileges inside the container. This is a classic example of unauthorized privilege escalation, classified as CWE‑276.

Affected Systems

The vulnerability applies to Red Hat Ansible Automation Platform version 2 container images. No specific patch or version numbers are provided in the data, so any impacted image that was built with the described permission setting is at risk.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity. EPSS information is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an attacker who has the ability to run commands inside the affected container and is a member of the root group. The attacker can exploit the permission error to edit /etc/passwd and add a privileged user, leading to full container root access. The risk is therefore significant for deployments where containers run with group root access or where users can elevate their privileges within the container runtime.

Generated by OpenCVE AI on April 8, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s security patch or upgrade to a fixed container image once it is released.
  • Verify that the /etc/passwd file inside the container has permissions 644 and is not group‑writable; adjust the build process if necessary.
  • Limit the membership of the root group within the container and enforce least‑privilege for all container users.
  • Monitor container logs for unauthorized modifications to system files such as /etc/passwd.
  • Consult Red Hat support and review security advisories for updates.

Generated by OpenCVE AI on April 8, 2026 at 15:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 08 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
Title Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions
First Time appeared Redhat
Redhat ansible Automation Platform
Weaknesses CWE-276
CPEs cpe:/a:redhat:ansible_automation_platform:2
Vendors & Products Redhat
Redhat ansible Automation Platform
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Ansible Automation Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-08T16:13:23.024Z

Reserved: 2025-08-21T14:40:40.821Z

Link: CVE-2025-57847

cve-icon Vulnrichment

Updated: 2026-04-08T15:43:00.651Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T14:16:25.577

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-57847

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-08T13:47:09Z

Links: CVE-2025-57847 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:18:54Z

Weaknesses