Base Score

MEDIUM5.2

CVE-2025-58712

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateOct 22, 2025, 19:15

Weakness Type (CWE):CWE-276

CVSS Metrics

Base Score

5.2

Vector String

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

LOW

References

Base Score

MEDIUM5.2

Weakness Type (CWE):CWE-276

CVSS Metrics

Base Score

5.2

Vector String

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

LOW