Platform
linux
Component
ansible-automation-platform
Fixed in
2.5.4
CVE-2025-57847 represents a container privilege escalation vulnerability discovered in specific Red Hat Ansible Automation Platform images. An attacker with command execution capabilities within an affected container, even without root privileges, can potentially modify the /etc/passwd file due to group-writable permissions. This manipulation allows the attacker to create a new user with root privileges, effectively gaining full control within the container environment. The vulnerability affects versions 2.0.0 through 2.5.3, and a patch is available in version 2.5.4.
A container privilege escalation vulnerability has been identified in certain Ansible Automation Platform images (CVE-2025-57847). The root cause is that the /etc/passwd file is created with group-writable permissions during the build process. This means an attacker who can execute commands within an affected container, even as a non-root user, and is a member of the root group, can potentially modify this file. Successful modification allows the attacker to add a new user with an arbitrary UID, potentially gaining root access to the system. The vulnerability is rated as CVSS 6.4, indicating a moderate risk. Updating to version 2.5.4 or higher is crucial to mitigate this risk.
Exploitation of this vulnerability requires the attacker to have the ability to execute commands within an affected container. This could be achieved through a vulnerability in an application running within the container or through exploiting misconfiguration. The attacker must also be a member of the 'root' group to modify the /etc/passwd file. Once the attacker has modified the /etc/passwd file to add a new user with root UID, they can authenticate as that user and gain root access to the system. The complexity of exploitation depends on the existence of an execution path within the container and group membership.
Exploit Status
EPSS
0.00% (0% percentile)
CISA SSVC
CVSS Vector
The recommended solution is to upgrade Ansible Automation Platform to version 2.5.4 or higher. This version includes a fix that prevents the /etc/passwd file from being created with group-writable permissions. If immediate upgrade is not possible, review container configurations to restrict write permissions on the /etc directory. Adhering to the principle of least privilege, ensuring users within containers only have necessary permissions, is also vital. Monitoring container activity and implementing robust security policies can further aid in detecting and preventing potential exploits. The absence of a KEV (Kernel Exploitability Enumeration) indicates no public exploits have been found, but updating remains essential for security.
Actualice a la versión 2.5.4 o posterior de Red Hat Ansible Automation Platform. Esta versión corrige la vulnerabilidad al asegurar que el archivo /etc/passwd no se cree con permisos de escritura de grupo, previniendo la escalada de privilegios.
Vulnerability analysis and critical alerts directly to your inbox.
Versions prior to 2.5.4 are vulnerable to this vulnerability.
Yes, it is recommended to restart containers for the fix to take effect.
Implement temporary mitigation measures, such as restricting write permissions on /etc and applying the principle of least privilege.
Currently, no public exploit has been found, but updating is recommended to avoid future risks.
Check the version of Ansible Automation Platform you are using. If it is prior to 2.5.4, it is vulnerable.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.