    12 vulnerabilities found for cert-manager operator for Red Hat OpenShift 1.16 by Red Hat

    CVE-2025-8941 (GCVE-0-2025-8941)

    Vulnerability from nvd – Published: 2025-08-13 14:42 – Updated: 2026-02-26 17:48
    Title
    Linux-pam: incomplete fix for cve-2025-6020
    Summary
    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14557 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15100 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15101 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15102 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15103 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15104 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15105 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15106 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15107 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17181 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-8941 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2388220 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.1.8-23.el7_9.2 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-38.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.3.1-8.el8_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-26.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.5.1-9.el9_0.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.5.1-15.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.5.1-24.el9_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.4::baseos
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat Compliance Operator 1 Unaffected: sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Date Public
    2025-08-13 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:02.437686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:41.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/linux-pam/linux-pam",
              "defaultStatus": "unaffected",
              "packageName": "linux-pam"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.8-23.el7_9.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-38.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-8.el8_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-9.el9_0.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-15.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.4::baseos",
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-24.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:56:35.028Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14557",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14557"
            },
            {
              "name": "RHSA-2025:15099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15099"
            },
            {
              "name": "RHSA-2025:15100",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15100"
            },
            {
              "name": "RHSA-2025:15101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15101"
            },
            {
              "name": "RHSA-2025:15102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15102"
            },
            {
              "name": "RHSA-2025:15103",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15103"
            },
            {
              "name": "RHSA-2025:15104",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15104"
            },
            {
              "name": "RHSA-2025:15105",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15105"
            },
            {
              "name": "RHSA-2025:15106",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15106"
            },
            {
              "name": "RHSA-2025:15107",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15107"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:17181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:17181"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-8941"
            },
            {
              "name": "RHBZ#2388220",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T12:11:55.270Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Linux-pam: incomplete fix for cve-2025-6020",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-8941",
        "datePublished": "2025-08-13T14:42:37.570Z",
        "dateReserved": "2025-08-13T12:24:47.522Z",
        "dateUpdated": "2026-02-26T17:48:41.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7425 (GCVE-0-2025-7425)

    Vulnerability from nvd – Published: 2025-07-10 13:53 – Updated: 2026-06-29 20:46
    VLAI
    Title
    Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
    Summary
    A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:12345 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12447 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12450 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13267 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13308 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13309 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13310 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13311 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13312 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13313 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13314 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13464 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13622 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14059 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14396 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14818 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14819 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14853 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14858 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15308 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15672 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11503 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-7425 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379274 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
    https://lists.debian.org/debian-lts-announce/2025…
    http://seclists.org/fulldisclosure/2025/Aug/0
    http://seclists.org/fulldisclosure/2025/Jul/37
    http://seclists.org/fulldisclosure/2025/Jul/35
    http://seclists.org/fulldisclosure/2025/Jul/32
    http://seclists.org/fulldisclosure/2025/Jul/30
    http://www.openwall.com/lists/oss-security/2025/07/11/2
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    GNOME libxml2 Affected: 0 , < 2.15.2 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.1.39-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.12 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-11.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.6 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.8 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-11.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202509030110-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202509030117-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202508270040-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202508192014-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202508261955-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202508141510-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202508261658-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202508271124-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.1-1754478727 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.3-0.1.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559657 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559845 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559691 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559660 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559663 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754569861 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559846 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559651 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens SIMATIC CN 4100 Affected: 0 , < V5.0 (custom)
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Date Public
    2025-07-10 00:00
    Credits
    Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7425",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T15:21:27.766014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T15:21:30.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:55.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CN 4100",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:02:33.327Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "libxml2",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxslt",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.39-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202509030110-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202509030117-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202508270040-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202508192014-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202508261955-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202508141510-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202508261658-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202508271124-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-rhel8-operator",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.1-1754478727",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.3-0.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559657",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559845",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559691",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559660",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559663",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559657",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754569861",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559651",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxslt",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue."
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:46:23.255Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:12345",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:12345"
            },
            {
              "name": "RHSA-2025:12447",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12447"
            },
            {
              "name": "RHSA-2025:12450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12450"
            },
            {
              "name": "RHSA-2025:13267",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13267"
            },
            {
              "name": "RHSA-2025:13308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13308"
            },
            {
              "name": "RHSA-2025:13309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13309"
            },
            {
              "name": "RHSA-2025:13310",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13310"
            },
            {
              "name": "RHSA-2025:13311",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13311"
            },
            {
              "name": "RHSA-2025:13312",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13312"
            },
            {
              "name": "RHSA-2025:13313",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13313"
            },
            {
              "name": "RHSA-2025:13314",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13314"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:13464",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13464"
            },
            {
              "name": "RHSA-2025:13622",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13622"
            },
            {
              "name": "RHSA-2025:14059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14059"
            },
            {
              "name": "RHSA-2025:14396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14396"
            },
            {
              "name": "RHSA-2025:14818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14818"
            },
            {
              "name": "RHSA-2025:14819",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14819"
            },
            {
              "name": "RHSA-2025:14853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14853"
            },
            {
              "name": "RHSA-2025:14858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14858"
            },
            {
              "name": "RHSA-2025:15308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15308"
            },
            {
              "name": "RHSA-2025:15672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15672"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:11503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:11503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
            },
            {
              "name": "RHBZ#2379274",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T09:37:28.172Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-7425",
        "datePublished": "2025-07-10T13:53:37.295Z",
        "dateReserved": "2025-07-10T08:44:06.287Z",
        "dateUpdated": "2026-06-29T20:46:23.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6020 (GCVE-0-2025-6020)

    Vulnerability from nvd – Published: 2025-06-17 12:44 – Updated: 2026-06-30 10:40
    VLAI
    Title
    Linux-pam: linux-pam directory traversal
    Summary
    A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10024 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10027 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10180 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10354 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10357 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10358 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10359 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10361 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10362 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10735 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10823 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11386 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11487 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14557 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15099 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20181 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22019 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:9526 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-6020 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372512 issue-tracking x_refsource_REDHAT
    https://github.com/linux-pam/linux-pam/security/a…
    http://www.openwall.com/lists/oss-security/2025/06/17/1
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.7.1 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.6.1-8.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.6.1-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux_eus:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.1.8-23.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-37.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-38.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.3.1-8.el8_2.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-14.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-26.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-25.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.5.1-9.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.5.1-15.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.5.1-24.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752066672 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065732 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-3.1752065737 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065731 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-25 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065736 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-2.1752065733 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065755 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.0-1752592913 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.2.1-1758555934 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.7-1759331989 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046452 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046437 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046439 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070865 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070873 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1751993590 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070827 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070833 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070866 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422110 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421804 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421879 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422401 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Date Public
    2025-06-17 00:00
    Credits
    Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T13:30:00.379966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:14:28.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T18:13:57.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:02:28.144Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/linux-pam/linux-pam",
              "defaultStatus": "unaffected",
              "packageName": "linux-pam",
              "versions": [
                {
                  "lessThan": "1.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.1-8.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux_eus:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.1-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.8-23.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-37.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-38.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-8.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-25.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-25.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-9.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-15.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-24.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752066672",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-businesscentral-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065732",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-controller-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065732",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-dashbuilder-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-3.1752065737",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-kieserver-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065731",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-operator-bundle",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-25",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-process-migration-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065736",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-rhel8-operator",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-2.1752065733",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-smartrouter-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065755",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.0-1752592913",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.1-1758555934",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.7-1759331989",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046452",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046437",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-target-allocator-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046439",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-opa-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070865",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070873",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1751993590",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070827",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070833",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070866",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422110",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421804",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421879",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422401",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue."
            }
          ],
          "datePublic": "2025-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:27.436Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10024",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10024"
            },
            {
              "name": "RHSA-2025:10027",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10027"
            },
            {
              "name": "RHSA-2025:10180",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10180"
            },
            {
              "name": "RHSA-2025:10354",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10354"
            },
            {
              "name": "RHSA-2025:10357",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10357"
            },
            {
              "name": "RHSA-2025:10358",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10358"
            },
            {
              "name": "RHSA-2025:10359",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10359"
            },
            {
              "name": "RHSA-2025:10361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10361"
            },
            {
              "name": "RHSA-2025:10362",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10362"
            },
            {
              "name": "RHSA-2025:10735",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10735"
            },
            {
              "name": "RHSA-2025:10823",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10823"
            },
            {
              "name": "RHSA-2025:11386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11386"
            },
            {
              "name": "RHSA-2025:11487",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11487"
            },
            {
              "name": "RHSA-2025:14557",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14557"
            },
            {
              "name": "RHSA-2025:15099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15099"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:17181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:17181"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:20181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20181"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:22019",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22019"
            },
            {
              "name": "RHSA-2025:9526",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9526"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-6020"
            },
            {
              "name": "RHBZ#2372512",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
            },
            {
              "url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-12T16:33:01.214Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Linux-pam: linux-pam directory traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-6020",
        "datePublished": "2025-06-17T12:44:08.646Z",
        "dateReserved": "2025-06-11T22:38:25.643Z",
        "dateUpdated": "2026-06-30T10:40:27.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49796 (GCVE-0-2025-49796)

    Vulnerability from nvd – Published: 2025-06-16 15:14 – Updated: 2026-06-29 20:51
    VLAI
    Title
    Libxml: type confusion leads to denial of service (DoS)
    Summary
    A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10630 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10698 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10699 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11580 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12098 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12199 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12237 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12239 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12241 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13267 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19020 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19894 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7519 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-49796 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372385 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.15.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-7.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.10 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-10.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.7 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-10.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat JBoss Core Services 2.4.62.SP2     cpe:/a:redhat:jboss_core_services:1
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202510291903-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202510150118-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.1-1754478727 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.2-0.3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Date Public
    2025-06-11 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T15:32:55.790163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T15:33:08.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:05:26.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:27.145Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "versions": [
                {
                  "lessThan": "2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-7.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services 2.4.62.SP2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202510291903-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202510150118-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.1-1754478727",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:51:45.115Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10630"
            },
            {
              "name": "RHSA-2025:10698",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10698"
            },
            {
              "name": "RHSA-2025:10699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10699"
            },
            {
              "name": "RHSA-2025:11580",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11580"
            },
            {
              "name": "RHSA-2025:12098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12098"
            },
            {
              "name": "RHSA-2025:12099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12099"
            },
            {
              "name": "RHSA-2025:12199",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12199"
            },
            {
              "name": "RHSA-2025:12237",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12237"
            },
            {
              "name": "RHSA-2025:12239",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12239"
            },
            {
              "name": "RHSA-2025:12240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12240"
            },
            {
              "name": "RHSA-2025:12241",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12241"
            },
            {
              "name": "RHSA-2025:13267",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13267"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:18240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18240"
            },
            {
              "name": "RHSA-2025:19020",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19020"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:19894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19894"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
            },
            {
              "name": "RHBZ#2372385",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-12T00:35:26.470Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml: type confusion leads to denial of service (dos)",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-49796",
        "datePublished": "2025-06-16T15:14:28.251Z",
        "dateReserved": "2025-06-10T22:17:05.287Z",
        "dateUpdated": "2026-06-29T20:51:45.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49794 (GCVE-0-2025-49794)

    Vulnerability from nvd – Published: 2025-06-16 15:24 – Updated: 2026-06-29 20:51
    VLAI
    Title
    Libxml: heap use after free (uaf) leads to denial of service (dos)
    Summary
    A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-825 - Expired Pointer Dereference
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10630 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10698 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10699 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11580 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12098 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12199 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12237 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12239 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12241 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19020 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19894 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7519 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-49794 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372373 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.15.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-7.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.10 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-10.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.7 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-10.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat JBoss Core Services 2.4.62.SP2     cpe:/a:redhat:jboss_core_services:1
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202510291903-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202510150118-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.2-0.3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Date Public
    2025-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T15:50:46.041375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T15:51:46.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:05:25.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:24.547Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "versions": [
                {
                  "lessThan": "2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-7.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services 2.4.62.SP2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202510291903-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202510150118-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-825",
                  "description": "Expired Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:51:37.743Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10630"
            },
            {
              "name": "RHSA-2025:10698",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10698"
            },
            {
              "name": "RHSA-2025:10699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10699"
            },
            {
              "name": "RHSA-2025:11580",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11580"
            },
            {
              "name": "RHSA-2025:12098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12098"
            },
            {
              "name": "RHSA-2025:12099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12099"
            },
            {
              "name": "RHSA-2025:12199",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12199"
            },
            {
              "name": "RHSA-2025:12237",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12237"
            },
            {
              "name": "RHSA-2025:12239",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12239"
            },
            {
              "name": "RHSA-2025:12240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12240"
            },
            {
              "name": "RHSA-2025:12241",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12241"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:18240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18240"
            },
            {
              "name": "RHSA-2025:19020",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19020"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:19894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19894"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
            },
            {
              "name": "RHBZ#2372373",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-11T21:33:43.044Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml: heap use after free (uaf) leads to denial of service (dos)",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-825: Expired Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-49794",
        "datePublished": "2025-06-16T15:24:31.020Z",
        "dateReserved": "2025-06-10T22:17:05.286Z",
        "dateUpdated": "2026-06-29T20:51:37.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5914 (GCVE-0-2025-5914)

    Vulnerability from nvd – Published: 2025-06-09 19:53 – Updated: 2026-06-30 10:40
    VLAI
    Title
    Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
    Summary
    A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14130 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14135 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14137 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14141 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14142 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14525 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14528 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14594 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14644 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14808 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14810 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15024 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0326 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:1541 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5914 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2370861 issue-tracking, x_refsource_REDHAT
    https://github.com/libarchive/libarchive/pull/2598
    https://github.com/libarchive/libarchive/releases…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.8.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.7.7-4.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:3.1.2-14.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.3.3-6.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:3.3.2-8.el8_2.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.5.3-6.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.5.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:3.5.3-5.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.5.3-4.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202601271320-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202601071926-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.2.1-1758555934 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.6-1756187445 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116455 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116482 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116441 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116449 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116439 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116447 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756128595 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756125872 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116445 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422110 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421846 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421804 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422070 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421879 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422401 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421890 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Date Public
    2025-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5914",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:14:35.773233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:30:42.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/libarchive/libarchive/pull/2598"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libarchive/libarchive/",
              "defaultStatus": "unaffected",
              "packageName": "libarchive",
              "versions": [
                {
                  "lessThan": "3.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.7-4.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.2-14.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.2-8.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-1.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-1.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-5.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-5.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-6.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-6.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-5.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-4.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202601271320-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202601071926-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-rhel8-operator",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.1-1758555934",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.6-1756187445",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116455",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116482",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116441",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116449",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116439",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116447",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756128595",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756125872",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116445",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422110",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421804",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422070",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421879",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422401",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421890",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:27.148Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14130"
            },
            {
              "name": "RHSA-2025:14135",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14135"
            },
            {
              "name": "RHSA-2025:14137",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14137"
            },
            {
              "name": "RHSA-2025:14141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14141"
            },
            {
              "name": "RHSA-2025:14142",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14142"
            },
            {
              "name": "RHSA-2025:14525",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14525"
            },
            {
              "name": "RHSA-2025:14528",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14528"
            },
            {
              "name": "RHSA-2025:14594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14594"
            },
            {
              "name": "RHSA-2025:14644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14644"
            },
            {
              "name": "RHSA-2025:14808",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14808"
            },
            {
              "name": "RHSA-2025:14810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14810"
            },
            {
              "name": "RHSA-2025:14828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14828"
            },
            {
              "name": "RHSA-2025:15024",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15024"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0326"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:1541"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
            },
            {
              "name": "RHBZ#2370861",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
            },
            {
              "url": "https://github.com/libarchive/libarchive/pull/2598"
            },
            {
              "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-06T17:58:25.491Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5914",
        "datePublished": "2025-06-09T19:53:48.923Z",
        "dateReserved": "2025-06-09T08:10:18.779Z",
        "dateUpdated": "2026-06-30T10:40:27.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8941 (GCVE-0-2025-8941)

    Vulnerability from cvelistv5 – Published: 2025-08-13 14:42 – Updated: 2026-02-26 17:48
    Title
    Linux-pam: incomplete fix for cve-2025-6020
    Summary
    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14557 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15100 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15101 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15102 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15103 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15104 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15105 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15106 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15107 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17181 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-8941 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2388220 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.1.8-23.el7_9.2 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-38.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.3.1-8.el8_2.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm)
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
        cpe:/o:redhat:rhel_aus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-26.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.5.1-9.el9_0.3 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.5.1-15.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.5.1-24.el9_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.4::baseos
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat Compliance Operator 1 Unaffected: sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Date Public
    2025-08-13 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:02.437686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:41.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/linux-pam/linux-pam",
              "defaultStatus": "unaffected",
              "packageName": "linux-pam"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.8-23.el7_9.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-38.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-8.el8_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos",
                "cpe:/o:redhat:rhel_aus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-9.el9_0.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-15.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.4::baseos",
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-24.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T20:56:35.028Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14557",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14557"
            },
            {
              "name": "RHSA-2025:15099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15099"
            },
            {
              "name": "RHSA-2025:15100",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15100"
            },
            {
              "name": "RHSA-2025:15101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15101"
            },
            {
              "name": "RHSA-2025:15102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15102"
            },
            {
              "name": "RHSA-2025:15103",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15103"
            },
            {
              "name": "RHSA-2025:15104",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15104"
            },
            {
              "name": "RHSA-2025:15105",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15105"
            },
            {
              "name": "RHSA-2025:15106",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15106"
            },
            {
              "name": "RHSA-2025:15107",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15107"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:17181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:17181"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-8941"
            },
            {
              "name": "RHBZ#2388220",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T12:11:55.270Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Linux-pam: incomplete fix for cve-2025-6020",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-8941",
        "datePublished": "2025-08-13T14:42:37.570Z",
        "dateReserved": "2025-08-13T12:24:47.522Z",
        "dateUpdated": "2026-02-26T17:48:41.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7425 (GCVE-0-2025-7425)

    Vulnerability from cvelistv5 – Published: 2025-07-10 13:53 – Updated: 2026-06-29 20:46
    VLAI
    Title
    Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
    Summary
    A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:12345 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12447 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12450 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13267 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13308 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13309 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13310 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13311 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13312 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13313 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13314 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13464 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13622 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14059 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14396 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14818 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14819 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14853 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14858 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15308 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15672 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11503 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-7425 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379274 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
    https://lists.debian.org/debian-lts-announce/2025…
    http://seclists.org/fulldisclosure/2025/Aug/0
    http://seclists.org/fulldisclosure/2025/Jul/37
    http://seclists.org/fulldisclosure/2025/Jul/35
    http://seclists.org/fulldisclosure/2025/Jul/32
    http://seclists.org/fulldisclosure/2025/Jul/30
    http://www.openwall.com/lists/oss-security/2025/07/11/2
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    GNOME libxml2 Affected: 0 , < 2.15.2 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.1.39-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.12 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.2 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-11.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.6 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.8 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-11.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202509030110-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202509030117-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202508270040-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202508192014-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202508261955-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202508141510-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202508261658-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202508271124-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.1-1754478727 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.3-0.1.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559657 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559845 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559691 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559660 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559663 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754569861 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559846 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1754559651 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens SIMATIC CN 4100 Affected: 0 , < V5.0 (custom)
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Date Public
    2025-07-10 00:00
    Credits
    Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7425",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T15:21:27.766014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T15:21:30.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:55.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CN 4100",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:02:33.327Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "libxml2",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxslt",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.39-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-11.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202509030110-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202509030117-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202508270040-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202508192014-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202508261955-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202508141510-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202508261658-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202508271124-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-rhel8-operator",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.1-1754478727",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.3-0.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559657",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559845",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559691",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559660",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559663",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559657",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754569861",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1754559651",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxslt",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue."
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:46:23.255Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:12345",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:12345"
            },
            {
              "name": "RHSA-2025:12447",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12447"
            },
            {
              "name": "RHSA-2025:12450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12450"
            },
            {
              "name": "RHSA-2025:13267",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13267"
            },
            {
              "name": "RHSA-2025:13308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13308"
            },
            {
              "name": "RHSA-2025:13309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13309"
            },
            {
              "name": "RHSA-2025:13310",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13310"
            },
            {
              "name": "RHSA-2025:13311",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13311"
            },
            {
              "name": "RHSA-2025:13312",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13312"
            },
            {
              "name": "RHSA-2025:13313",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13313"
            },
            {
              "name": "RHSA-2025:13314",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13314"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:13464",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13464"
            },
            {
              "name": "RHSA-2025:13622",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13622"
            },
            {
              "name": "RHSA-2025:14059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14059"
            },
            {
              "name": "RHSA-2025:14396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14396"
            },
            {
              "name": "RHSA-2025:14818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14818"
            },
            {
              "name": "RHSA-2025:14819",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14819"
            },
            {
              "name": "RHSA-2025:14853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14853"
            },
            {
              "name": "RHSA-2025:14858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14858"
            },
            {
              "name": "RHSA-2025:15308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15308"
            },
            {
              "name": "RHSA-2025:15672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15672"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:11503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:11503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
            },
            {
              "name": "RHBZ#2379274",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T09:37:28.172Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-7425",
        "datePublished": "2025-07-10T13:53:37.295Z",
        "dateReserved": "2025-07-10T08:44:06.287Z",
        "dateUpdated": "2026-06-29T20:46:23.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6020 (GCVE-0-2025-6020)

    Vulnerability from cvelistv5 – Published: 2025-06-17 12:44 – Updated: 2026-06-30 10:40
    VLAI
    Title
    Linux-pam: linux-pam directory traversal
    Summary
    A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10024 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10027 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10180 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10354 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10357 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10358 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10359 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10361 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10362 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10735 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10823 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11386 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11487 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14557 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15099 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20181 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22019 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:9526 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-6020 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372512 issue-tracking x_refsource_REDHAT
    https://github.com/linux-pam/linux-pam/security/a…
    http://www.openwall.com/lists/oss-security/2025/06/17/1
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.7.1 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.6.1-8.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.6.1-8.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux_eus:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.1.8-23.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-37.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.3.1-38.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.3.1-8.el8_2.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-14.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-26.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.5.1-25.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.5.1-9.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.5.1-15.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.5.1-24.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752066672 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065732 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-3.1752065737 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065731 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-25 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065736 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-2.1752065733 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.13.5-4.1752065755 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.0-1752592913 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.2.1-1758555934 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.7-1759331989 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046452 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046437 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752046439 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070865 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070873 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1751993590 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070827 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070833 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift distributed tracing 3.6.0 Unaffected: rhosdt-3.6-1752070866 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422110 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421804 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421879 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422401 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Date Public
    2025-06-17 00:00
    Credits
    Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T13:30:00.379966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:14:28.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T18:13:57.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:02:28.144Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/linux-pam/linux-pam",
              "defaultStatus": "unaffected",
              "packageName": "linux-pam",
              "versions": [
                {
                  "lessThan": "1.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.1-8.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux_eus:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.1-8.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.8-23.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-37.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-38.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-8.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-14.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-16.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-26.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-25.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-26.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-25.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-9.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-15.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "pam",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-24.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752066672",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-businesscentral-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065732",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-controller-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065732",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-dashbuilder-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-3.1752065737",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-kieserver-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065731",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-operator-bundle",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-25",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-process-migration-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065736",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-rhel8-operator",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-2.1752065733",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhpam-7/rhpam-smartrouter-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.13.5-4.1752065755",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.0-1752592913",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.1-1758555934",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.7-1759331989",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046452",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046437",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/opentelemetry-target-allocator-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752046439",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-opa-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070865",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070873",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1751993590",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070827",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070833",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.6.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.6-1752070866",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422110",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421804",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421879",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422401",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue."
            }
          ],
          "datePublic": "2025-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:27.436Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10024",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10024"
            },
            {
              "name": "RHSA-2025:10027",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10027"
            },
            {
              "name": "RHSA-2025:10180",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10180"
            },
            {
              "name": "RHSA-2025:10354",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10354"
            },
            {
              "name": "RHSA-2025:10357",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10357"
            },
            {
              "name": "RHSA-2025:10358",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10358"
            },
            {
              "name": "RHSA-2025:10359",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10359"
            },
            {
              "name": "RHSA-2025:10361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10361"
            },
            {
              "name": "RHSA-2025:10362",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10362"
            },
            {
              "name": "RHSA-2025:10735",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10735"
            },
            {
              "name": "RHSA-2025:10823",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10823"
            },
            {
              "name": "RHSA-2025:11386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11386"
            },
            {
              "name": "RHSA-2025:11487",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11487"
            },
            {
              "name": "RHSA-2025:14557",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14557"
            },
            {
              "name": "RHSA-2025:15099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15099"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:17181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:17181"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:20181",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20181"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:22019",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22019"
            },
            {
              "name": "RHSA-2025:9526",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9526"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-6020"
            },
            {
              "name": "RHBZ#2372512",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
            },
            {
              "url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-12T16:33:01.214Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-17T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Linux-pam: linux-pam directory traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-6020",
        "datePublished": "2025-06-17T12:44:08.646Z",
        "dateReserved": "2025-06-11T22:38:25.643Z",
        "dateUpdated": "2026-06-30T10:40:27.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49794 (GCVE-0-2025-49794)

    Vulnerability from cvelistv5 – Published: 2025-06-16 15:24 – Updated: 2026-06-29 20:51
    VLAI
    Title
    Libxml: heap use after free (uaf) leads to denial of service (dos)
    Summary
    A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-825 - Expired Pointer Dereference
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10630 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10698 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10699 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11580 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12098 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12199 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12237 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12239 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12241 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19020 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19894 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7519 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-49794 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372373 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.15.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-7.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.10 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-10.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.7 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-10.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat JBoss Core Services 2.4.62.SP2     cpe:/a:redhat:jboss_core_services:1
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202510291903-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202510150118-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.2-0.3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Date Public
    2025-06-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T15:50:46.041375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T15:51:46.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:05:25.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:24.547Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "versions": [
                {
                  "lessThan": "2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-7.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services 2.4.62.SP2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202510291903-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202510150118-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-825",
                  "description": "Expired Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:51:37.743Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10630"
            },
            {
              "name": "RHSA-2025:10698",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10698"
            },
            {
              "name": "RHSA-2025:10699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10699"
            },
            {
              "name": "RHSA-2025:11580",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11580"
            },
            {
              "name": "RHSA-2025:12098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12098"
            },
            {
              "name": "RHSA-2025:12099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12099"
            },
            {
              "name": "RHSA-2025:12199",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12199"
            },
            {
              "name": "RHSA-2025:12237",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12237"
            },
            {
              "name": "RHSA-2025:12239",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12239"
            },
            {
              "name": "RHSA-2025:12240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12240"
            },
            {
              "name": "RHSA-2025:12241",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12241"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:18240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18240"
            },
            {
              "name": "RHSA-2025:19020",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19020"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:19894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19894"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
            },
            {
              "name": "RHBZ#2372373",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-11T21:33:43.044Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml: heap use after free (uaf) leads to denial of service (dos)",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-825: Expired Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-49794",
        "datePublished": "2025-06-16T15:24:31.020Z",
        "dateReserved": "2025-06-10T22:17:05.286Z",
        "dateUpdated": "2026-06-29T20:51:37.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49796 (GCVE-0-2025-49796)

    Vulnerability from cvelistv5 – Published: 2025-06-16 15:14 – Updated: 2026-06-29 20:51
    VLAI
    Title
    Libxml: type confusion leads to denial of service (dos)
    Summary
    A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10630 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10698 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10699 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:11580 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12098 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12199 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12237 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12239 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:12241 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13267 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:13335 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18240 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19020 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19894 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7519 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-49796 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2372385 issue-tracking, x_refsource_REDHAT
    https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
    https://lists.debian.org/debian-lts-announce/2025…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.15.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.12.5-7.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.9.1-6.el7_9.10 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:2.9.7-9.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.9.13-10.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.9.13-1.el9_0.5 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.9.13-3.el9_2.7 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.9.13-10.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat JBoss Core Services 2.4.62.SP2
        cpe:/a:redhat:jboss_core_services:1
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 412.86.202510291903-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.12::el8
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202510150118-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.0.1-1754478727 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Hardened Images Unaffected: 2.15.2-0.3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.5-1754504343 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Date Public
    2025-06-11 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T15:32:55.790163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T15:33:08.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:05:26.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:27.145Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "versions": [
                {
                  "lessThan": "2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.5-7.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.1-6.el7_9.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-21.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-9.el8_4.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-13.el8_6.10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.7-16.el8_8.9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-1.el9_0.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-3.el9_2.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.9.13-10.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services 2.4.62.SP2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "412.86.202510291903-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202510150118-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.0.1-1754478727",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.5-1754504343",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:51:45.115Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10630"
            },
            {
              "name": "RHSA-2025:10698",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10698"
            },
            {
              "name": "RHSA-2025:10699",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10699"
            },
            {
              "name": "RHSA-2025:11580",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11580"
            },
            {
              "name": "RHSA-2025:12098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12098"
            },
            {
              "name": "RHSA-2025:12099",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12099"
            },
            {
              "name": "RHSA-2025:12199",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12199"
            },
            {
              "name": "RHSA-2025:12237",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12237"
            },
            {
              "name": "RHSA-2025:12239",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12239"
            },
            {
              "name": "RHSA-2025:12240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12240"
            },
            {
              "name": "RHSA-2025:12241",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12241"
            },
            {
              "name": "RHSA-2025:13267",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13267"
            },
            {
              "name": "RHSA-2025:13335",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:13335"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:18240",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18240"
            },
            {
              "name": "RHSA-2025:19020",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19020"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:19894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19894"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
            },
            {
              "name": "RHBZ#2372385",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-12T00:35:26.470Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml: type confusion leads to denial of service (dos)",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-49796",
        "datePublished": "2025-06-16T15:14:28.251Z",
        "dateReserved": "2025-06-10T22:17:05.287Z",
        "dateUpdated": "2026-06-29T20:51:45.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5914 (GCVE-0-2025-5914)

    Vulnerability from cvelistv5 – Published: 2025-06-09 19:53 – Updated: 2026-06-30 10:40
    VLAI
    Title
    Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
    Summary
    A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14130 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14135 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14137 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14141 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14142 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14525 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14528 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14594 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14644 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14808 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14810 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:14828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15024 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15397 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15709 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15827 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15828 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16524 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18218 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18219 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21885 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21913 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0326 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0934 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:1541 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5914 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2370861 issue-tracking, x_refsource_REDHAT
    https://github.com/libarchive/libarchive/pull/2598
    https://github.com/libarchive/libarchive/releases…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.8.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.7.7-4.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:3.1.2-14.el7_9.1 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.3.3-6.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/o:redhat:enterprise_linux:8::baseos
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:3.3.2-8.el8_2.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:3.3.3-6.el8_6 , < * (rpm)
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm)
        cpe:/o:redhat:rhel_e4s:8.8::baseos
        cpe:/o:redhat:rhel_tus:8.8::baseos
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.5.3-6.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.5.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:3.5.3-5.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
        cpe:/o:redhat:rhel_e4s:9.2::baseos
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.5.3-4.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
        cpe:/o:redhat:rhel_eus:9.4::baseos
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202510211419-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202601271320-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202601071926-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202510112152-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202510230424-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202510140714-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat OpenShift Container Platform 4.20 Unaffected: 4.20.9.6.202509251656-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-19 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.11 on RHEL 9 Unaffected: 1.11-8 , < * (rpm)
        cpe:/a:redhat:webterminal:1.11::el9
    Red Hat Red Hat Web Terminal 1.12 on RHEL 9 Unaffected: 1.12-4 , < * (rpm)
        cpe:/a:redhat:webterminal:1.12::el9
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-11 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-10 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-4 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-9 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-12 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-18 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat RHOSS-1.36-RHEL-8 Unaffected: 1.36.0-7 , < * (rpm)
        cpe:/a:redhat:openshift_serverless:1.36::el8
    Red Hat cert-manager operator for Red Hat OpenShift 1.16 Unaffected: v1.16.5-1760515757 , < * (rpm)
        cpe:/a:redhat:cert_manager:1.16::el9
    Red Hat OpenShift Compliance Operator 1 Unaffected: 1.8.0 , < * (rpm)
        cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat OpenShift File Integrity Operator - FIO 1 Unaffected: v1.3 , < * (rpm)
        cpe:/a:redhat:openshift_file_integrity_operator:1::el9
    Red Hat Red Hat Discovery 2 Unaffected: 2.2.1-1758555934 , < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1.5.6-1756187445 , < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116455 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116482 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116441 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116449 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116439 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116447 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756128595 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756125872 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift distributed tracing 3.5.1 Unaffected: rhosdt-3.5-1756116445 , < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422110 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421846 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421804 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422070 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421879 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757422401 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat OpenShift sandboxed containers 1.1 Unaffected: 1.10.2-1757421890 , < * (rpm)
        cpe:/a:redhat:confidential_compute_attestation:1.10::el9
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Date Public
    2025-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5914",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:14:35.773233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:30:42.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/libarchive/libarchive/pull/2598"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libarchive/libarchive/",
              "defaultStatus": "unaffected",
              "packageName": "libarchive",
              "versions": [
                {
                  "lessThan": "3.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.7-4.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.2-14.el7_9.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.2-8.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-1.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-1.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-5.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_e4s:8.8::baseos",
                "cpe:/o:redhat:rhel_tus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.3-5.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-6.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-6.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream",
                "cpe:/o:redhat:rhel_e4s:9.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-5.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb",
                "cpe:/o:redhat:rhel_eus:9.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.5.3-4.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202510211419-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202601271320-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202601071926-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "417.94.202510112152-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.18",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "418.94.202510230424-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.19.9.6.202510140714-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.20::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.20",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.20.9.6.202509251656-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-rhel9-operator",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.11 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.11-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:webterminal:1.12::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "web-terminal/web-terminal-tooling-rhel9",
              "product": "Red Hat Web Terminal 1.12 on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-management-console-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-operator-bundle",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-rhel8-operator",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_serverless:1.36::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
              "product": "RHOSS-1.36-RHEL-8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.36.0-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager operator for Red Hat OpenShift 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.5-1760515757",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-must-gather-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-openscap-rhel8",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_compliance_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-compliance-rhel8-operator",
              "product": "OpenShift Compliance Operator 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.8.0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "compliance/openshift-file-integrity-rhel8-operator",
              "product": "OpenShift File Integrity Operator - FIO 1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.1-1758555934",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.5.6-1756187445",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116455",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116482",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116441",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116449",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116439",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116447",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756128595",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756125872",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-rhel8-operator",
              "product": "Red Hat OpenShift distributed tracing 3.5.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "rhosdt-3.5-1756116445",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422110",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421804",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422070",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421879",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757422401",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
              "product": "Red Hat OpenShift sandboxed containers 1.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.10.2-1757421890",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libarchive",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T10:40:27.148Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14130"
            },
            {
              "name": "RHSA-2025:14135",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14135"
            },
            {
              "name": "RHSA-2025:14137",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14137"
            },
            {
              "name": "RHSA-2025:14141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14141"
            },
            {
              "name": "RHSA-2025:14142",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14142"
            },
            {
              "name": "RHSA-2025:14525",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14525"
            },
            {
              "name": "RHSA-2025:14528",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14528"
            },
            {
              "name": "RHSA-2025:14594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14594"
            },
            {
              "name": "RHSA-2025:14644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14644"
            },
            {
              "name": "RHSA-2025:14808",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14808"
            },
            {
              "name": "RHSA-2025:14810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14810"
            },
            {
              "name": "RHSA-2025:14828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14828"
            },
            {
              "name": "RHSA-2025:15024",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15024"
            },
            {
              "name": "RHSA-2025:15397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15397"
            },
            {
              "name": "RHSA-2025:15709",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15709"
            },
            {
              "name": "RHSA-2025:15827",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15827"
            },
            {
              "name": "RHSA-2025:15828",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15828"
            },
            {
              "name": "RHSA-2025:16524",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16524"
            },
            {
              "name": "RHSA-2025:18217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18217"
            },
            {
              "name": "RHSA-2025:18218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18218"
            },
            {
              "name": "RHSA-2025:18219",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:18219"
            },
            {
              "name": "RHSA-2025:19041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19041"
            },
            {
              "name": "RHSA-2025:19046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19046"
            },
            {
              "name": "RHSA-2025:21885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21885"
            },
            {
              "name": "RHSA-2025:21913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21913"
            },
            {
              "name": "RHSA-2026:0326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0326"
            },
            {
              "name": "RHSA-2026:0934",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0934"
            },
            {
              "name": "RHSA-2026:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:1541"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
            },
            {
              "name": "RHBZ#2370861",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
            },
            {
              "url": "https://github.com/libarchive/libarchive/pull/2598"
            },
            {
              "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-06T17:58:25.491Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5914",
        "datePublished": "2025-06-09T19:53:48.923Z",
        "dateReserved": "2025-06-09T08:10:18.779Z",
        "dateUpdated": "2026-06-30T10:40:27.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }