Platform
linux
Component
ansible-automation-platform
Fixed in
2.5.4
CVE-2025-57847 identifies a container privilege escalation vulnerability in Red Hat Ansible Automation Platform. This flaw arises from the creation of a group-writable /etc/passwd file during the build process, allowing a non-root user within a container to potentially gain root privileges. The vulnerability affects versions 2.0.0 through 2.5.3 and is resolved in version 2.5.4.
An attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This allows the attacker to add a new user with UID 0 (root), effectively gaining full root privileges within the container. This can lead to complete compromise of the container and potentially access to sensitive data or systems accessible from the container. The blast radius depends on the container's access and privileges within the broader infrastructure.
The exploitation context for CVE-2025-57847 is currently unknown. No public exploits have been reported. The vulnerability was published on 2026-04-08. Severity: MEDIUM (CVSS 6.4).
Exploit status
EPSS
0.00% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-57847 is to upgrade to Red Hat Ansible Automation Platform version 2.5.4 or later. If upgrading is not immediately possible, restrict access to the container and implement strong container security policies. Regularly scan containers for vulnerabilities and enforce the principle of least privilege. Consider using container runtime security tools to detect and prevent unauthorized modifications to the /etc/passwd file. After upgrading, verify the fix by attempting to create a new user with UID 0 within a container and confirming the operation fails.
Upgrade to Red Hat Ansible Automation Platform version 2.5.4 or later. This version fixes the vulnerability by ensuring that the /etc/passwd file is not created with group-write permissions, preventing the privilege escalation.
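The root cause described above is a permission defect, so the most direct check a defender can run inside an affected image is whether /etc/passwd is group-writable and whether the calling user belongs to the owning group. The following audit script is an added example written for this page; it is not code from Red Hat or the Ansible Automation Platform project. The function names, the constructed sample files in the demo, and the output wording are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a passwd-style file for the CVE-2025-57847 condition
# (group-writable /etc/passwd). Read-only; nothing here modifies system files.

# Return 0 if the file is group-writable, 1 if not, 2 if it does not exist.
# The 6th character of the ls -l mode string is the group write bit (-rw-rw-r--).
is_group_writable() {
    f="$1"
    [ -e "$f" ] || { echo "no such file: $f" >&2; return 2; }
    mode=$(ls -ld "$f" | cut -c1-10)
    case "$mode" in
        ?????w????) return 0 ;;
        *)          return 1 ;;
    esac
}

# Return 0 if the calling user's supplementary groups include the given gid.
caller_in_group() {
    gid="$1"
    for g in $(id -G); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}

# Print one line of verdict for a file. Always returns 0 so it can be used
# in loops; the verdict text starts with VULNERABLE or OK.
audit_passwd_file() {
    f="$1"
    if is_group_writable "$f"; then
        gid=$(ls -ldn "$f" | awk '{print $4}')   # numeric owning gid
        if caller_in_group "$gid"; then
            echo "VULNERABLE: $f is group-writable (gid $gid) and the current user is in that group"
        else
            echo "VULNERABLE: $f is group-writable (gid $gid); fix permissions or rebuild from a fixed image"
        fi
    else
        echo "OK: $f is not group-writable"
    fi
    return 0
}

# Demo on constructed sample files (not real system files), then on /etc/passwd
# if present. Expected: the 664 copy is flagged, the 644 copy is OK.
demo_dir=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo_dir/passwd_ok"
chmod 644 "$demo_dir/passwd_ok"
cp "$demo_dir/passwd_ok" "$demo_dir/passwd_bad"
chmod 664 "$demo_dir/passwd_bad"
audit_passwd_file "$demo_dir/passwd_ok"
audit_passwd_file "$demo_dir/passwd_bad"
[ -e /etc/passwd ] && audit_passwd_file /etc/passwd
rm -rf "$demo_dir"
```

Run the script inside the container as the non-root service user (for example via `docker exec` or `podman exec` with the image's default user). A VULNERABLE verdict on /etc/passwd means the image still carries the defect; the fix is to rebuild from an image based on version 2.5.4 or later rather than to chmod the file in a running container, since the running container's filesystem does not survive a redeploy.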
Versions prior to 2.5.4 are affected by this vulnerability.
Yes, it is recommended to restart containers for the fix to take effect.
Implement temporary mitigation measures, such as restricting write permissions on /etc and applying the principle of least privilege.
Currently, no public exploit has been found, but updating is recommended to avoid future risks.
Check the version of Ansible Automation Platform you are using. If it is prior to 2.5.4, it is vulnerable.