Container Privilege Escalation Vulnerability in AMQ Broker by Red Hat
CVE-2025-58712

5.2MEDIUM

Key Information:

Vendor

Red Hat
Status
Rhel-9 Based Middleware Containers
Red Hat AMQ Broker 7
Vendor
CVE Published:
22 October 2025

What is CVE-2025-58712?

A privilege escalation vulnerability exists in specific AMQ Broker images due to the creation of the /etc/passwd file with group-writable permissions during the build process. Under particular conditions, an attacker with command execution ability within an affected container, even as a non-root user, could exploit their group membership to manipulate the /etc/passwd file. This exploitation may facilitate the addition of a user with arbitrary UID, including UID 0, granting the attacker full root access within the container environment.

Affected Version(s)

RHEL-9 based Middleware Containers 7.13.2-1

RHEL-9 based Middleware Containers 7.13.2-1

RHEL-9 based Middleware Containers 7.13.2-1

References

https://access.redhat.com/errata/RHSA-2025:17562
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-58712
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2394418
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.
JSON
.
CVE-2025-58712 : Container Privilege Escalation Vulnerability in AMQ Broker by Red Hat