What is CVE-2025-57847?

A privilege escalation flaw in certain Ansible Automation Platform images could allow attackers to gain root privileges. Organizations should prioritize patching to mitigate risks associated with this vulnerability.

What is the severity of CVE-2025-57847?

CVE-2025-57847 has a severity rating of MEDIUM with a CVSS base score of 6.4.

CVE-2025-57847 | Medium Vulnerability in RedHat Ansible Automation Platform

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.

The severity of this vulnerability is classified as medium with a CVSS score of 6.4. Organizations should understand the real-world risk context of this vulnerability, especially in environments utilizing containerized applications.

Risk to organizations includes potential unauthorized access and modifications to sensitive data within containers. Given the nature of container environments, attackers may exploit this issue to escalate privileges and execute malicious commands, leading to a compromised container.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.

Vulnerability Details

The vulnerability is officially described as a container privilege escalation flaw. It is associated with CWE-276, which pertains to incorrect assignment of permissions. The vulnerability affects RedHat's Ansible Automation Platform, specifically versions up to and including 2.6. It was published on April 8, 2026.

Technical Analysis

The root cause of this vulnerability stems from the /etc/passwd file being created with group-writable permissions during the build process of Ansible Automation Platform images. This configuration leads to an attack vector that requires local access to the container, posing a high attack complexity. Attackers must possess high privileges within the container but need no user interaction to exploit the flaw.

The impact on confidentiality, integrity, and availability is high, as attackers may modify critical system files, potentially leading to unauthorized access and service disruptions.

Risk & Impact Analysis

Real-world deployment risk is significant, as the vulnerability allows for privilege escalation within containers. This could result in unauthorized access to sensitive information and critical system components. Organizations using the affected versions of Ansible Automation Platform should assess their exposure and respond accordingly.

The urgency for addressing this vulnerability is classified as medium, aligning with its CVSS score. Organizations should incorporate this vulnerability into their priority patch cycle to mitigate potential risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Ansible Automation Platform, specifically all versions prior to vendor patch 2.6.

Mitigation & Remediation

Organizations should prioritize applying the latest patches to their Ansible Automation Platform installations. If an immediate patch is unavailable, consider implementing configuration hardening measures to restrict access to /etc/passwd, thereby mitigating the risk of privilege escalation. Additionally, organizations can benefit from engaging in penetration testing to evaluate their security posture.

Detection Guidance

Monitor logs for any unauthorized attempts to modify the /etc/passwd file. Look for behavioral anomalies that indicate privilege escalation attempts, including unexpected user creation or modifications by non-root users. Implement network signatures to detect unusual command executions within containers.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-57847 lies in its illustration of how misconfigured permissions can lead to severe vulnerabilities in containerized environments. Security teams must prioritize container security and regularly audit permissions to prevent similar vulnerabilities.

This vulnerability highlights the importance of understanding the attack surface within containerized applications. Organizations should consider reviewing their security best practices and engaging in proactive security measures.

For further insights on vulnerability management, organizations can refer to our vulnerability management program design.

Additionally, security teams can benefit from exploring our insights on penetration testing methodology to enhance their security measures.

Lastly, understanding the risks associated with cloud environments can further support organizations in their security initiatives. Our cloud penetration testing guide provides essential strategies for securing cloud-based applications.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-57847: Medium Vulnerability in RedHat Ansible Automation Platform