Zero Day MonitorZDM

← Back to list

6.4

CVE-2025-57847

red hat · red hat ansible automation platform

Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions

Description

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.

Affected Products

Vendor	Product	Versions
red hat	red hat ansible automation platform	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
red hat	red hat process automation	cert_advisory	90%
red hat	enterprise linux	cert_advisory	90%
red hat	openshift	cert_advisory	90%
red hat	red hat ansible automation	cert_advisory	90%

References

https://access.redhat.com/security/cve/CVE-2025-57847(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2391092(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B

BSI Advisories1d ago

[NEU] [UNGEPATCHT] [mittel] Verschiedene Red Hat Produkte: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2025-57847 | Red Hat Ansible Automation Platform 2 default permission

→ No new info (linked only)

CVSS 3.16.4 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-276

PublishedApr 8, 2026

Last enriched1d agov2

Tags

CVE-2025-57847

Trending Score33

Source articles2

Independent2

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4634EXP

Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

HIGHCVE-2026-4636EXP

Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

NONECVE-2026-4282EXP

Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

NONECVE-2026-3872EXP

Keycloak: keycloak: information disclosure due to redirect_uri validation bypass

NONECVE-2025-58713

Rhpam: privilege escalation via excessive /etc/passwd permissions

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: severity, tags

Apr 8, 2026

Version History

v2

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL and added CVE-2025-57847 as a new tag.

severitytags

via VulDB

v12d ago

Initial creation