Vulnerabilities ›

CVE-2025-58713

Medium

CWE-276 — Weakness Type

                    Published: Apr 8, 2026                      ·  Modified: Apr 11, 2026                      ·  Source: NVD                

CVSS v3

6.4

🔗 NVD Official

📄 Description (English)

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

🤖 AI Executive Summary

A privilege escalation vulnerability in Red Hat Process Automation Manager container images allows non-root users to modify /etc/passwd due to improper group-writable permissions set during build time. An attacker with container execution capabilities can add arbitrary users with UID 0 to gain full root privileges. This poses significant risk to organizations running containerized automation workflows, particularly in Saudi financial and government sectors relying on Red Hat technologies.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 14, 2026 06:02

🇸🇦 Saudi Arabia Impact Assessment

High impact for Saudi banking sector (SAMA-regulated institutions) using Red Hat Process Automation Manager for transaction processing and workflow automation. Government agencies (NCA oversight) utilizing containerized automation systems face critical risk. Healthcare organizations (MOH) running clinical workflow automation, energy sector (ARAMCO, SEC) managing operational technology automation, and telecom providers (STC, Mobily) operating billing and network automation systems are all vulnerable. Container escape could lead to lateral movement across enterprise infrastructure.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Manufacturing

🎯 MITRE ATT&CK Techniques

T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1134.003 - Access Token Manipulation: Make and Impersonate Token T1547.001 - Boot or Logon Initialization Scripts: Logon Script (Windows) T1098.001 - Account Manipulation: Additional Cloud Credentials

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Audit all Red Hat Process Automation Manager container deployments to identify affected image versions

2. Implement network segmentation to restrict container-to-host communication

3. Enable container runtime security monitoring (AppArmor/SELinux enforcement)

4. Review container execution policies to restrict non-root user capabilities



COMPENSATING CONTROLS (until patch available):

5. Rebuild container images with corrected /etc/passwd permissions (chmod 644 /etc/passwd, verify group ownership is root:root)

6. Implement Pod Security Standards (PSS) with restricted profile

7. Use read-only root filesystem where possible

8. Enforce securityContext with runAsNonRoot=true and allowPrivilegeEscalation=false

9. Deploy container image scanning to detect permission misconfigurations

10. Monitor /etc/passwd modifications within containers using auditd or container runtime hooks



DETECTION:

- Alert on file permission changes to /etc/passwd within containers

- Monitor for new UID 0 user creation attempts

- Track group membership changes for root group

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع نشرات Red Hat Process Automation Manager لتحديد إصدارات الصور المتأثرة

2. تطبيق تقسيم الشبكة لتقييد الاتصال بين الحاوية والمضيف

3. تفعيل مراقبة أمان وقت تشغيل الحاوية (فرض AppArmor/SELinux)

4. مراجعة سياسات تنفيذ الحاوية لتقييد قدرات المستخدم غير الجذر



الضوابط البديلة (حتى توفر التصحيح):

5. إعادة بناء صور الحاوية بأذونات /etc/passwd صحيحة

6. تطبيق معايير أمان Pod المقيدة

7. استخدام نظام ملفات الجذر للقراءة فقط حيثما أمكن

8. فرض securityContext مع runAsNonRoot=true

9. نشر فحص صور الحاوية

10. مراقبة تعديلات /etc/passwd داخل الحاويات

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.3.1 - User Access Management ECC 2024 A.8.2.1 - User Endpoint Devices ECC 2024 A.8.3.1 - Information Access Restriction

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Asset Management SAMA CSF PR.AC-1 - Access Control SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.2 - Information Security Policies ISO 27001:2022 A.8.2 - User Access Management ISO 27001:2022 A.8.3 - User Responsibilities ISO 27001:2022 A.8.6 - Access Rights Review

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Configuration Standards PCI DSS 7.1 - Access Control Implementation

🔗 References & Sources 2

🔗

https://access.redhat.com/security/cve/CVE-2025-58713

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2394419

secalert@redhat.com

📊 CVSS Score

6.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityH — High

Privileges RequiredH — High

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.4

CWECWE-276

EPSS0.00%

Exploit No

Patch ✗ No

Published 2026-04-08

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-276

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-58713

Introduce Yourself

Sign In Required