Description
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Published: 2026-04-08
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Container Privilege Escalation to Root
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises because the /etc/passwd file is built with group‑writable permissions in Red Hat Process Automation Manager container images. An attacker who can run commands inside the container, even as a non‑root user, can take advantage of membership in the root group to modify this file. By adding a user entry with any arbitrary UID, including UID 0, the attacker gains full root privileges within the container. This is a classic privilege escalation flaw classified as CWE‑276 (Incorrect Default Permissions).

Affected Systems

The flaw affects Red Hat Process Automation Manager 7 container images (Red Hat Process Automation 7). Specific patch or version numbers are not provided in the advisory. All images built from the affected factory that include the vulnerable /etc/passwd permissions are impacted.

Risk and Exploitability

The CVSS score is 6.4, indicating moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires that the attacker can already execute code inside the container, which is a significant, non‑trivial prerequisite. Once inside, elevated privileges can be obtained with minimal effort, so the flaw is highly valuable to an attacker who has gained that initial access.

Generated by OpenCVE AI on April 8, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed version of the Red Hat Process Automation Manager container image from Red Hat.
  • Ensure the container runs under a least‑privilege model and that no non‑root user is a member of the root group.
  • Verify that the /etc/passwd file inside the container has permissions set to 644 and is not group writable.
  • Apply any vendor patches or updates as soon as they become available.
  • Implement runtime container security controls, such as seccomp and SELinux policies, to restrict file write operations.
  • Monitor container logs for unauthorized modifications to /etc/passwd or other critical configuration files.
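The following audit helper is an added example, not part of the advisory or of any Red Hat tooling. It implements the verification step above (confirm /etc/passwd is not group- or world-writable) and a companion detection check for the condition a successful modification would leave behind (a UID‑0 account other than root). It assumes GNU coreutils `stat` as shipped in Linux-based container images; the file path argument is the only input.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or from Red Hat): checks a passwd
# file for the group-writable mode described in CVE-2025-58713 and for UID-0
# accounts other than root. Assumes GNU coreutils `stat` (Linux).

# Return 0 when only the owner can write the file, 1 when the group or
# "other" write bit is set (or the file cannot be read).
passwd_mode_ok() {
    file="$1"
    mode=$(stat -c '%a' "$file" 2>/dev/null) || return 1
    # Keep the last three octal digits so a leading setuid/setgid/sticky digit is ignored.
    perm=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    group_digit=$(printf '%s' "$perm" | cut -c2)
    other_digit=$(printf '%s' "$perm" | cut -c3)
    # The write bit is 2 in each octal digit.
    [ $((group_digit & 2)) -eq 0 ] && [ $((other_digit & 2)) -eq 0 ]
}

# Print every account whose UID is 0 but whose name is not "root".
# Return 1 if any such entry exists, 0 otherwise.
extra_uid0_entries() {
    awk -F: '$3 == 0 && $1 != "root" { print $1; found = 1 } END { exit found ? 1 : 0 }' "$1"
}

# Run both checks, print a report, and return 1 on any finding so the
# function can gate an image build or admission check.
audit_passwd() {
    file="${1:-/etc/passwd}"
    rc=0
    if passwd_mode_ok "$file"; then
        echo "OK: $file is not group- or world-writable"
    else
        echo "FAIL: $file is group- or world-writable (mode $(stat -c '%a' "$file" 2>/dev/null))"
        rc=1
    fi
    if extra_uid0_entries "$file" >/dev/null; then
        echo "OK: no UID-0 accounts other than root in $file"
    else
        echo "FAIL: additional UID-0 accounts present in $file:"
        extra_uid0_entries "$file" || true
        rc=1
    fi
    return $rc
}

# Usage: sh audit_passwd.sh [/path/to/passwd]
# Run inside the container, or against a copy of /etc/passwd extracted from
# the image (for example with `podman cp` or `docker cp`).
if [ -n "${1:-}" ]; then
    audit_passwd "$1"
fi
```

The mode check deliberately rejects world-writable files as well as group-writable ones, since either lets a non-owner rewrite the account database; a mode of 644 (as the recommendation above calls for) passes, 664 or 666 fails. The UID‑0 scan is useful as a periodic or on-start integrity check rather than a one-time build check, because the flaw only matters once someone has used it.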


Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Redhat process Automation
Vendors & Products  |                | Redhat process Automation

Thu, 09 Apr 2026 00:15:00 +0000

Type       | Values Removed        | Values Added
References |                       |
Metrics    | threat_severity: None | threat_severity: Moderate


Wed, 08 Apr 2026 15:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 14:15:00 +0000

Type                | Values Removed | Values Added
Description         |                | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Title               |                | Rhpam: privilege escalation via excessive /etc/passwd permissions
First Time appeared |                | Redhat; Redhat jboss Enterprise Bpms Platform
Weaknesses          |                | CWE-276
CPEs                |                | cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Vendors & Products  |                | Redhat; Redhat jboss Enterprise Bpms Platform
References          |                |
Metrics             |                | cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Redhat Jboss Enterprise Bpms Platform Process Automation
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-08T14:28:41.733Z

Reserved: 2025-09-03T15:20:52.037Z

Link: CVE-2025-58713

Vulnrichment

Updated: 2026-04-08T14:28:37.875Z

NVD

Status : Awaiting Analysis

Published: 2026-04-08T14:16:26.433

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-58713

Redhat

Severity : Moderate

Public Date: 2026-04-08T13:44:47Z

Links: CVE-2025-58713 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-09T08:18:51Z

Weaknesses