Ansible Automation Platform images can be hijacked by non-root users

CVE-2025-57847
Summary

Certain Ansible images have a security flaw that allows a non-root user to gain full control of the container by manipulating the /etc/passwd file, potentially allowing unauthorized access to sensitive data or systems. This issue affects users who run Ansible containers in environments where users can execute commands within the container. To mitigate this risk, update to the latest Ansible images or apply the recommended patches.

Original title
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the b...
Original description
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
NVD CVSS 3.1 score: 6.4
Vulnerability type
CWE-276 Incorrect Default Permissions
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026
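
The group-writable /etc/passwd condition described above can be checked from the defender's side; the following is an added example, not code from the advisory or the vendor. It assumes it is run inside the container as the image's normal runtime user (or pointed at a passwd file from an extracted image), and the function names are hypothetical.

```python
import os
import stat

def write_path(st_mode, st_uid, st_gid, uid, gids):
    """Return which permission class lets (uid, gids) write the file, or None."""
    mode = stat.S_IMODE(st_mode)
    if uid == 0:
        return "root"                        # root normally bypasses mode bits
    if uid == st_uid:                        # owner class applies, nothing else
        return "owner" if mode & stat.S_IWUSR else None
    if st_gid in gids:                       # group class applies (the CWE-276 case)
        return "group" if mode & stat.S_IWGRP else None
    return "other" if mode & stat.S_IWOTH else None

def uid0_accounts(passwd_text):
    """Names of all passwd entries whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].strip() == "0":
            names.append(fields[0])
    return names

def audit(passwd_path, uid, gids):
    """Audit one passwd file for the identity a container process runs as."""
    st = os.stat(passwd_path)
    with open(passwd_path, encoding="utf-8", errors="replace") as fh:
        extra = [n for n in uid0_accounts(fh.read()) if n != "root"]
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "writable_via": write_path(st.st_mode, st.st_uid, st.st_gid, uid, gids),
        "extra_uid0": extra,                 # UID 0 entries other than root
    }

if __name__ == "__main__":
    # Run as the container's normal runtime user.
    print(audit("/etc/passwd", os.getuid(), set(os.getgroups()) | {os.getgid()}))
```

A non-root result with `writable_via` set to `group` matches the condition in the description; a non-empty `extra_uid0` list means an additional UID 0 account is already present and the container should be treated as compromised.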