Zero Day Monitor (ZDM) © 2026
CVE-2025-58713
RHPAM: privilege escalation via excessive /etc/passwd permissions
CVSS 3.1 base score: 6.4
Vendor / product: Red Hat / Red Hat Process Automation

Description

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. The /etc/passwd file in these images is created with group-writable permissions at build time. An attacker who can execute commands inside an affected container, even as a non-root user, and whose process belongs to the root group (GID 0) can therefore modify /etc/passwd and add a new account with an arbitrary UID, including UID 0, gaining full root privileges within the container. The group-write bit matters because images built for OpenShift are commonly run with an arbitrary UID but with GID 0 as the primary group, so every process in the container is a member of the root group by default. The root obtained is still confined by the container's own isolation; it does not by itself reach the host.
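As an added example (not code from Red Hat, VulDB or this page), the following POSIX shell script audits a container image for the condition the description names: an /etc/passwd that is writable by its group or by others, combined with a process that carries GID 0. It also applies the build-time fix and re-checks. Function names, the sample passwd content and the temporary file are assumptions; the script does not touch the host's real /etc/passwd.

```sh
#!/bin/sh
# Added example (not Red Hat's or ZDM's code): detect and fix the CWE-276
# condition from the advisory, /etc/passwd created group- or world-writable
# inside a container image. Function names and sample data are assumptions.

# passwd_writable_by_group_or_other FILE
# Returns 0 when FILE is writable by its group or by others, 1 when it is not,
# 2 when FILE does not exist. Parses the POSIX `ls -l` mode string
# ("-rw-rw-r--"): column 6 is the group write bit, column 9 the other write bit.
passwd_writable_by_group_or_other() {
    f="${1:-/etc/passwd}"
    [ -e "$f" ] || return 2
    mode=$(ls -ld -- "$f" | cut -c1-10)
    g=$(printf '%s' "$mode" | cut -c6)
    o=$(printf '%s' "$mode" | cut -c9)
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# current_user_in_root_group
# Returns 0 when the calling process has GID 0 as its primary or any
# supplementary group. This is what turns a group-writable /etc/passwd into a
# privilege escalation (OpenShift runs images with an arbitrary UID but GID 0).
current_user_in_root_group() {
    for gid in $(id -G); do
        [ "$gid" -eq 0 ] && return 0
    done
    return 1
}

# audit_passwd FILE
# Prints a one-line verdict. Returns 0 when the file is safe, 1 when it is
# group/other-writable (so the call can gate an image build), 2 if missing.
audit_passwd() {
    f="${1:-/etc/passwd}"
    if [ ! -e "$f" ]; then
        echo "ERROR: $f does not exist"
        return 2
    fi
    if passwd_writable_by_group_or_other "$f"; then
        if current_user_in_root_group; then
            echo "FINDING: $f is group/other-writable and this process carries GID 0"
        else
            echo "FINDING: $f is group/other-writable (this process lacks GID 0; fix it anyway)"
        fi
        return 1
    fi
    echo "OK: $f is not writable by group or others"
    return 0
}

# harden_passwd FILE
# Build-time fix: drop the group and other write bits (0644 is the usual mode
# for /etc/passwd) and confirm the result. Returns 0 on success.
harden_passwd() {
    f="${1:-/etc/passwd}"
    chmod go-w "$f" || return 1
    ! passwd_writable_by_group_or_other "$f"
}

# Stand-alone demo on a constructed file, created the way the affected images
# did (mode 0664) rather than the host's real /etc/passwd.
demo_file=$(mktemp)
printf 'root:x:0:0:root:/root:/bin/bash\nappuser:x:1000:0::/home/appuser:/bin/sh\n' > "$demo_file"
chmod 0664 "$demo_file"
audit_passwd "$demo_file" || true      # prints FINDING, returns 1
harden_passwd "$demo_file" && audit_passwd "$demo_file"   # prints OK after chmod
rm -f "$demo_file"
```

Copy the script into the image and run it as the image's unprivileged user, or point `audit_passwd` at the /etc/passwd of an extracted rootfs. In a Containerfile the equivalent of `harden_passwd` is a `RUN chmod 0644 /etc/passwd` after whichever step creates the file.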

Affected Products

Vendor: Red Hat
Product: Red Hat Process Automation
Versions: not listed

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor / product (source, confidence):
  • Red Hat / Red Hat Process Automation (cert_advisory, 90%)
  • Red Hat / OpenShift (cert_advisory, 90%)
  • Red Hat / Red Hat Ansible Automation (cert_advisory, 90%)
  • Red Hat / Enterprise Linux (cert_advisory, 90%)

References

  • https://access.redhat.com/security/cve/CVE-2025-58713 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2394419 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B, BSI Advisories, 1d ago:
[NEW] [UNPATCHED] [medium] Various Red Hat products: Multiple vulnerabilities allow gaining administrator privileges
→ No new info (linked only)

Tier C, VulDB, 2d ago:
CVE-2025-58713 | Red Hat Process Automation 7 Process Automation Manager default permission
→ No new info (linked only)
CVSS 3.1 base score: 6.4 (severity label: NONE)
CISA KEV: No
Actively exploited: No
CWE: CWE-276 (Incorrect Default Permissions)
Published: Apr 8, 2026
Last enriched: 1d ago (v2)
Trending score: 33
Source articles: 2
Independent sources: 2
Info completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack


Related CVEs (5)

  • HIGH  CVE-2026-4634 [EXP]  Keycloak: denial of service via excessive processing of OpenID Connect scope parameters (trending: 42)
  • HIGH  CVE-2026-4636 [EXP]  Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources (trending: 40)
  • NONE  CVE-2026-4282 [EXP]  Keycloak: privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw (trending: 34)
  • NONE  CVE-2026-3872 [EXP]  Keycloak: information disclosure due to redirect_uri validation bypass (trending: 34)
  • NONE  CVE-2026-4775        libtiff: arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (trending: 33)


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 8, 2026: CVE published
  • Apr 8, 2026: discovered by ZDM
  • Apr 8, 2026: updated description and severity

Version History

v2 (Tier C, 1d ago, via VulDB): updated description with new details, changed product to 'red hat process automation 7', and updated severity to CRITICAL. Fields changed: description, severity.

v1 (2d ago): initial creation.