Vulnerability-Lookup

CERTFR-2025-AVI-0754

Vulnerability from certfr_avis - Published: 2025-09-04 - Updated: 2025-09-04

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	Tanzu Gemfire	Tanzu GemFire Management Console versions antérieures à 1.4.0
	VMware	Tanzu Greenplum	Tanzu Greenplum versions antérieures à 7.5.4

References

Title

Publication Time

CVE-2025-49125 (GCVE-0-2025-49125)

Vulnerability from cvelistv5 – Published: 2025-06-16 14:18 – Updated: 2025-11-03 20:05

Title

Apache Tomcat: Security constraint bypass for pre/post-resources

Summary

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/m66cytbfrty9k7dc4…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/06/16/2
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.7 (semver) Affected: 10.1.0-M1 , ≤ 10.1.41 (semver) Affected: 9.0.0.M1 , ≤ 9.0.105 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 8.0.0.RC1 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

Greg K (https://github.com/gregk4sec)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:05:06.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/16/2"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-49125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T14:06:30.854034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-29T14:26:29.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.7",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.41",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.105",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "8.0.0.RC1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Greg K (https://github.com/gregk4sec)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAuthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.\u0026nbsp; When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.\u00a0 When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:43:30.434Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: Security constraint bypass for pre/post-resources",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-49125",
    "datePublished": "2025-06-16T14:18:09.610Z",
    "dateReserved": "2025-06-02T09:08:38.126Z",
    "dateUpdated": "2025-11-03T20:05:06.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-52434 (GCVE-0-2025-52434)

Vulnerability from cvelistv5 – Published: 2025-07-10 19:03 – Updated: 2025-11-04 21:11

Title

Apache Tomcat: APR/Native Connector crash leading to DoS

Summary

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/gxgh65004f25y8519…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2025…
http://www.openwall.com/lists/oss-security/2025/0…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 9.0.0.M1 , ≤ 9.0.106 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 5 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

Nacl 12SqweR WHOAMI yyzmoon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-52434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T14:02:46.073154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T14:04:04.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:11:38.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.0.106",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nacl"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "12SqweR"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "WHOAMI"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "yyzmoon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eConcurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.0.107, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:42:53.016Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: APR/Native Connector crash leading to DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-52434",
    "datePublished": "2025-07-10T19:03:47.225Z",
    "dateReserved": "2025-06-16T07:00:46.986Z",
    "dateUpdated": "2025-11-04T21:11:38.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-52999 (GCVE-0-2025-52999)

Vulnerability from cvelistv5 – Published: 2025-06-25 17:02 – Updated: 2025-06-25 18:04

Title

jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

Summary

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FasterXML/jackson-core/securit…	x_refsource_CONFIRM
https://github.com/FasterXML/jackson-core/pull/943	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FasterXML	jackson-core	Affected: < 2.15.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T18:04:07.206576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T18:04:23.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-core",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.15.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-core contains core low-level incremental (\"streaming\") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-25T17:02:57.428Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
        },
        {
          "name": "https://github.com/FasterXML/jackson-core/pull/943",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-core/pull/943"
        }
      ],
      "source": {
        "advisory": "GHSA-h46c-h94j-95f3",
        "discovery": "UNKNOWN"
      },
      "title": "jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52999",
    "datePublished": "2025-06-25T17:02:57.428Z",
    "dateReserved": "2025-06-24T03:50:36.795Z",
    "dateUpdated": "2025-06-25T18:04:23.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54410 (GCVE-0-2025-54410)

Vulnerability from cvelistv5 – Published: 2025-07-30 13:24 – Updated: 2025-07-30 13:38

Title

Moby's Firewalld reload removes bridge network isolation

Summary

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected. Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-909 - Missing Initialization of Resource

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
https://firewalld.org/documentation/howto/reload-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	moby	Affected: <= 25.0.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-30T13:37:49.901547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T13:38:40.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 25.0.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-909",
              "description": "CWE-909: Missing Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T13:24:50.818Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp"
        },
        {
          "name": "https://firewalld.org/documentation/howto/reload-firewalld.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://firewalld.org/documentation/howto/reload-firewalld.html"
        }
      ],
      "source": {
        "advisory": "GHSA-4vq8-7jfc-9cvp",
        "discovery": "UNKNOWN"
      },
      "title": "Moby\u0027s Firewalld reload removes bridge network isolation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54410",
    "datePublished": "2025-07-30T13:24:50.818Z",
    "dateReserved": "2025-07-21T23:18:10.280Z",
    "dateUpdated": "2025-07-30T13:38:40.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55163 (GCVE-0-2025-55163)

Vulnerability from cvelistv5 – Published: 2025-08-13 14:17 – Updated: 2025-11-04 21:13

Title

Netty MadeYouReset HTTP/2 DDoS Vulnerability

Summary

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

Severity

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/767506
http://www.openwall.com/lists/oss-security/2025/08/16/1

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: < 4.1.124.Final Affected: < 4.2.4.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55163",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T14:37:06.148395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T14:37:20.727Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:02.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/767506"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.124.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.2.4.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T14:17:36.111Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
        }
      ],
      "source": {
        "advisory": "GHSA-prj3-ccx8-p6x4",
        "discovery": "UNKNOWN"
      },
      "title": "Netty MadeYouReset HTTP/2 DDoS Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55163",
    "datePublished": "2025-08-13T14:17:36.111Z",
    "dateReserved": "2025-08-07T18:27:23.307Z",
    "dateUpdated": "2025-11-04T21:13:02.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6020 (GCVE-0-2025-6020)

Vulnerability from cvelistv5 – Published: 2025-06-17 12:44 – Updated: 2026-06-02 12:56

Title

Linux-pam: linux-pam directory traversal

Summary

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

redhat

References

32 references

URL	Tags
https://access.redhat.com/errata/RHSA-2025:10024	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10027	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10180	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10354	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10357	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10358	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10359	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10361	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10362	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10735	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10823	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11386	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11487	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14557	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15099	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15709	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15827	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15828	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:16524	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17181	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:18219	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:20181	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22019	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9526	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0934	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6020	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2372512	issue-trackingx_refsource_REDHAT
https://github.com/linux-pam/linux-pam/security/a…
http://www.openwall.com/lists/oss-security/2025/06/17/1
https://lists.debian.org/debian-lts-announce/2025…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

65 products

Vendor	Product	Version
		Affected: 0 , < 1.7.1 (semver)
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:1.6.1-8.el10 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:1.6.1-8.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:1.1.8-23.el7_9.1 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.3.1-37.el8_10 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.3.1-38.el8_10 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:1.3.1-8.el8_2.1 , < * (rpm) cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:1.3.1-14.el8_4.1 , < * (rpm) cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:1.3.1-16.el8_6.2 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:1.3.1-26.el8_8.1 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:1.5.1-26.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:1.5.1-25.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:1.5.1-9.el9_0.2 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:1.5.1-15.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:1.5.1-24.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-19 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-8 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	Unaffected: 1.12-4 , < * (rpm) cpe:/a:redhat:webterminal:1.12::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-4.1752066672 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-4.1752065732 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-3.1752065737 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-4.1752065731 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-25 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-4.1752065736 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-2.1752065733 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.13.5-4.1752065755 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-4 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-9 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-12 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-18 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-7 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	Unaffected: v1.16.5-1760515757 , < * (rpm) cpe:/a:redhat:cert_manager:1.16::el9
Red Hat	OpenShift Compliance Operator 1	Unaffected: 1.8.0 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Red Hat Discovery 2	Unaffected: 2.0.0-1752592913 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Discovery 2	Unaffected: 2.2.1-1758555934 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Insights proxy 1.5	Unaffected: 1.5.7-1759331989 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752046452 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752046437 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752046439 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752070865 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752070873 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1751993590 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752070827 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752070833 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift distributed tracing 3.6.0	Unaffected: rhosdt-3.6-1752070866 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: 1.10.2-1757422110 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: 1.10.2-1757421804 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: 1.10.2-1757421879 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: 1.10.2-1757422401 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Siemens	RUGGEDCOM ROX MX5000	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX MX5000RE	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1400	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1500	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1501	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1510	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1511	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1512	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1524	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1536	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX5000	Affected: 0 , < V2.17.1 (custom)

Date Public

2025-06-17 00:00

Credits

Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T13:30:00.379966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T14:14:28.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:13:57.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:28.144Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/linux-pam/linux-pam",
          "defaultStatus": "unaffected",
          "packageName": "linux-pam",
          "versions": [
            {
              "lessThan": "1.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-8.el10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.8-23.el7_9.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-37.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-38.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-8.el8_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-14.el8_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-26.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-26.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-26.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-25.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-26.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-25.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-9.el9_0.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-15.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-24.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-rhel9-operator",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.12 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752066672",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-businesscentral-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752065732",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-controller-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752065732",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-dashbuilder-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-3.1752065737",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-kieserver-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752065731",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-operator-bundle",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-25",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-process-migration-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752065736",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-rhel8-operator",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-2.1752065733",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhpam-7/rhpam-smartrouter-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.13.5-4.1752065755",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-management-console-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-operator-bundle",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-rhel8-operator",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cert_manager:1.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cert-manager/jetstack-cert-manager-rhel9",
          "product": "cert-manager operator for Red Hat OpenShift 1.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.16.5-1760515757",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-openscap-rhel8",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.0.0-1752592913",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.2.1-1758555934",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.7-1759331989",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-collector-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752046452",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-rhel8-operator",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752046437",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-target-allocator-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752046439",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-gateway-opa-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752070865",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-gateway-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752070873",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-jaeger-query-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1751993590",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-query-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752070827",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752070833",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/tempo-rhel8-operator",
          "product": "Red Hat OpenShift distributed tracing 3.6.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.6-1752070866",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.10.2-1757422110",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.10.2-1757421804",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.10.2-1757421879",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.10.2-1757422401",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue."
        }
      ],
      "datePublic": "2025-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T12:56:26.031Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10024",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10024"
        },
        {
          "name": "RHSA-2025:10027",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10027"
        },
        {
          "name": "RHSA-2025:10180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10180"
        },
        {
          "name": "RHSA-2025:10354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10354"
        },
        {
          "name": "RHSA-2025:10357",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10357"
        },
        {
          "name": "RHSA-2025:10358",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10358"
        },
        {
          "name": "RHSA-2025:10359",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10359"
        },
        {
          "name": "RHSA-2025:10361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10361"
        },
        {
          "name": "RHSA-2025:10362",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10362"
        },
        {
          "name": "RHSA-2025:10735",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10735"
        },
        {
          "name": "RHSA-2025:10823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10823"
        },
        {
          "name": "RHSA-2025:11386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11386"
        },
        {
          "name": "RHSA-2025:11487",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11487"
        },
        {
          "name": "RHSA-2025:14557",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14557"
        },
        {
          "name": "RHSA-2025:15099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15099"
        },
        {
          "name": "RHSA-2025:15709",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15709"
        },
        {
          "name": "RHSA-2025:15827",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15827"
        },
        {
          "name": "RHSA-2025:15828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15828"
        },
        {
          "name": "RHSA-2025:16524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16524"
        },
        {
          "name": "RHSA-2025:17181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17181"
        },
        {
          "name": "RHSA-2025:18219",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "name": "RHSA-2025:20181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:20181"
        },
        {
          "name": "RHSA-2025:21885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21885"
        },
        {
          "name": "RHSA-2025:22019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22019"
        },
        {
          "name": "RHSA-2025:9526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9526"
        },
        {
          "name": "RHSA-2026:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0934"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-6020"
        },
        {
          "name": "RHBZ#2372512",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
        },
        {
          "url": "https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-12T16:33:01.214Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-17T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Linux-pam: linux-pam directory traversal",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-6020",
    "datePublished": "2025-06-17T12:44:08.646Z",
    "dateReserved": "2025-06-11T22:38:25.643Z",
    "dateUpdated": "2026-06-02T12:56:26.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6965 (GCVE-0-2025-6965)

Vulnerability from cvelistv5 – Published: 2025-07-15 13:44 – Updated: 2026-04-29 03:55

Title

Integer Truncation on SQLite

Summary

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-197 - Numeric Truncation Error

Assigner

Google

References

9 references

URL	Tags
https://www.sqlite.org/src/info/5508b56fd24016c13…
http://seclists.org/fulldisclosure/2025/Sep/57
http://seclists.org/fulldisclosure/2025/Sep/56
http://seclists.org/fulldisclosure/2025/Sep/53
http://seclists.org/fulldisclosure/2025/Sep/58
http://seclists.org/fulldisclosure/2025/Sep/49
http://www.openwall.com/lists/oss-security/2025/09/06/1
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
SQLite	SQLite	Affected: 0 , < 3.50.2 (semver)
Siemens	RUGGEDCOM CROSSBOW Station Access Controller (SAC)	Affected: 0 , < V5.8 (custom)
Siemens	SIDIS Prime	Affected: 0 , < V4.0.800 (custom)

Date Public

2025-06-27 22:00

Credits

Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6965",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:46.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:14:51.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/56"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/58"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIDIS Prime",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0.800",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T08:58:07.313Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.sqlite.org/src",
          "defaultStatus": "unaffected",
          "packageName": "expr.c",
          "product": "SQLite",
          "programFiles": [
            "expr.c"
          ],
          "vendor": "SQLite",
          "versions": [
            {
              "lessThan": "3.50.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vlad Stolyarov of Google\u0027s Threat Analysis Group, with assistance from Google Big Sleep"
        }
      ],
      "datePublic": "2025-06-27T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."
            }
          ],
          "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-197",
              "description": "CWE-197: Numeric Truncation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T13:44:00.784Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer Truncation on SQLite",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-6965",
    "datePublished": "2025-07-15T13:44:00.784Z",
    "dateReserved": "2025-07-01T09:19:04.750Z",
    "dateUpdated": "2026-04-29T03:55:46.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7425 (GCVE-0-2025-7425)

Vulnerability from cvelistv5 – Published: 2025-07-10 13:53 – Updated: 2026-06-06 07:56

Title

Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

Summary

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

redhat

References

43 references

URL	Tags
https://access.redhat.com/errata/RHBA-2025:12345	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12447	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12450	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13267	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13310	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13311	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13312	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13313	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13314	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13335	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13622	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14059	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14396	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14818	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14819	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14853	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14858	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15672	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15827	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15828	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:18219	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21913	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0934	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11503	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2379274	issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://lists.debian.org/debian-lts-announce/2025…
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

66 products

Vendor	Product	Version
GNOME	libxml2	Affected: 0 , < 2.15.2 (semver)
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.12.5-8.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:1.1.39-8.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.9.1-6.el7_9.12 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.9.7-21.el8_10.2 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.9.7-9.el8_2.4 , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.9.13-11.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.9.13-1.el9_0.6 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.9.13-3.el9_2.8 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.9.13-11.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat OpenShift Container Platform 4.12	Unaffected: 412.86.202509030110-0 , < * (rpm) cpe:/a:redhat:openshift:4.12::el8
Red Hat	Red Hat OpenShift Container Platform 4.13	Unaffected: 413.92.202509030117-0 , < * (rpm) cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: 414.92.202508270040-0 , < * (rpm) cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	Unaffected: 415.92.202508192014-0 , < * (rpm) cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	Unaffected: 416.94.202508261955-0 , < * (rpm) cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	Unaffected: 417.94.202508141510-0 , < * (rpm) cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202508261658-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	Unaffected: 4.19.9.6.202508271124-0 , < * (rpm) cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-19 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-8 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	Unaffected: 1.12-4 , < * (rpm) cpe:/a:redhat:webterminal:1.12::el9
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-4 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-9 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-12 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-18 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-7 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	Unaffected: v1.16.5-1760515757 , < * (rpm) cpe:/a:redhat:cert_manager:1.16::el9
Red Hat	OpenShift Compliance Operator 1	Unaffected: 1.8.0 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	OpenShift File Integrity Operator - FIO 1	Unaffected: v1.3 , < * (rpm) cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Red Hat	Red Hat Discovery 2	Unaffected: 2.0.1-1754478727 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Hardened Images	Unaffected: 2.15.3-0.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Insights proxy 1.5	Unaffected: 1.5.5-1754504343 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559657 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559845 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559691 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559660 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559663 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754569861 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559846 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559651 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Siemens	RUGGEDCOM ROX MX5000	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX MX5000RE	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1400	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1500	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1501	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1510	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1511	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1512	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1524	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX1536	Affected: 0 , < V2.17.1 (custom)
Siemens	RUGGEDCOM ROX RX5000	Affected: 0 , < V2.17.1 (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)
Siemens	SIPLUS S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)

Date Public

2025-07-10 00:00

Credits

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7425",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T15:21:27.766014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T15:21:30.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:14:55.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:33.327Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
          "defaultStatus": "unaffected",
          "packageName": "libxml2",
          "product": "libxml2",
          "vendor": "GNOME",
          "versions": [
            {
              "lessThan": "2.15.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.12.5-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.39-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.1-6.el7_9.12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-1.el9_0.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-3.el9_2.8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "412.86.202509030110-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202509030117-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202508270040-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202508192014-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202508261955-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202508141510-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202508261658-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.19.9.6.202508271124-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-rhel9-operator",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.12 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-management-console-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-operator-bundle",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-rhel8-operator",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cert_manager:1.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cert-manager/jetstack-cert-manager-rhel9",
          "product": "cert-manager operator for Red Hat OpenShift 1.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.16.5-1760515757",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-must-gather-rhel8",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-openscap-rhel8",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-rhel8-operator",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-file-integrity-rhel8-operator",
          "product": "OpenShift File Integrity Operator - FIO 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.0.1-1754478727",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.15.3-0.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1754504343",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-agent-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559657",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-all-in-one-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559845",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-collector-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559691",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559660",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-rollover-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559663",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-ingester-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559657",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-operator-bundle",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754569861",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-query-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559846",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-rhel8-operator",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559651",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue."
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-06T07:56:14.688Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHBA-2025:12345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2025:12345"
        },
        {
          "name": "RHSA-2025:12447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12447"
        },
        {
          "name": "RHSA-2025:12450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12450"
        },
        {
          "name": "RHSA-2025:13267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13267"
        },
        {
          "name": "RHSA-2025:13308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13308"
        },
        {
          "name": "RHSA-2025:13309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13309"
        },
        {
          "name": "RHSA-2025:13310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13310"
        },
        {
          "name": "RHSA-2025:13311",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13311"
        },
        {
          "name": "RHSA-2025:13312",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13312"
        },
        {
          "name": "RHSA-2025:13313",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13313"
        },
        {
          "name": "RHSA-2025:13314",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13314"
        },
        {
          "name": "RHSA-2025:13335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13335"
        },
        {
          "name": "RHSA-2025:13464",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13464"
        },
        {
          "name": "RHSA-2025:13622",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13622"
        },
        {
          "name": "RHSA-2025:14059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14059"
        },
        {
          "name": "RHSA-2025:14396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14396"
        },
        {
          "name": "RHSA-2025:14818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14818"
        },
        {
          "name": "RHSA-2025:14819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14819"
        },
        {
          "name": "RHSA-2025:14853",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14853"
        },
        {
          "name": "RHSA-2025:14858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14858"
        },
        {
          "name": "RHSA-2025:15308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15308"
        },
        {
          "name": "RHSA-2025:15672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15672"
        },
        {
          "name": "RHSA-2025:15827",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15827"
        },
        {
          "name": "RHSA-2025:15828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15828"
        },
        {
          "name": "RHSA-2025:18219",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "name": "RHSA-2025:21885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21885"
        },
        {
          "name": "RHSA-2025:21913",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21913"
        },
        {
          "name": "RHSA-2026:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0934"
        },
        {
          "name": "RHSA-2026:11503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
        },
        {
          "name": "RHBZ#2379274",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T09:37:28.172Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-416: Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7425",
    "datePublished": "2025-07-10T13:53:37.295Z",
    "dateReserved": "2025-07-10T08:44:06.287Z",
    "dateUpdated": "2026-06-06T07:56:14.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8941 (GCVE-0-2025-8941)

Vulnerability from cvelistv5 – Published: 2025-08-13 14:42 – Updated: 2026-02-26 17:48

Title

Linux-pam: incomplete fix for cve-2025-6020

Summary

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

redhat

References

19 references

URL	Tags
https://access.redhat.com/errata/RHSA-2025:14557	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15099	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15100	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15101	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15102	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15103	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15104	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15105	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15106	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15107	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15709	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15827	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15828	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:16524	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17181	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:18219	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8941	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2388220	issue-trackingx_refsource_REDHAT

Impacted products

26 products

Vendor	Product	Version

Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:1.1.8-23.el7_9.2 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.3.1-38.el8_10 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:1.3.1-8.el8_2.2 , < * (rpm) cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm) cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:1.3.1-14.el8_4.2 , < * (rpm) cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:1.3.1-16.el8_6.3 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:1.3.1-26.el8_8.2 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:1.5.1-26.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:1.5.1-9.el9_0.3 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:1.5.1-15.el9_2.2 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:1.5.1-24.el9_4.1 , < * (rpm) cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-19 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-8 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	Unaffected: 1.12-4 , < * (rpm) cpe:/a:redhat:webterminal:1.12::el9
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	Unaffected: sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 , < * (rpm) cpe:/a:redhat:cert_manager:1.16::el9
Red Hat	Compliance Operator 1	Unaffected: sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Red Hat Discovery 2	Unaffected: sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Insights proxy 1.5	Unaffected: sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9

Date Public

2025-08-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8941",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T03:56:02.437686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:41.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/linux-pam/linux-pam",
          "defaultStatus": "unaffected",
          "packageName": "linux-pam"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.8-23.el7_9.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-38.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-8.el8_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-14.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-14.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-16.el8_6.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-26.el8_8.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.1-26.el8_8.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-26.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-26.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-9.el9_0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-15.el9_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.4::baseos",
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pam",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-24.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-rhel9-operator",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.12 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cert_manager:1.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cert-manager/jetstack-cert-manager-rhel9",
          "product": "cert-manager operator for Red Hat OpenShift 1.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-openscap-rhel8",
          "product": "Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2025-08-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-10T20:56:35.028Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:14557",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14557"
        },
        {
          "name": "RHSA-2025:15099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15099"
        },
        {
          "name": "RHSA-2025:15100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15100"
        },
        {
          "name": "RHSA-2025:15101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15101"
        },
        {
          "name": "RHSA-2025:15102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15102"
        },
        {
          "name": "RHSA-2025:15103",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15103"
        },
        {
          "name": "RHSA-2025:15104",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15104"
        },
        {
          "name": "RHSA-2025:15105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15105"
        },
        {
          "name": "RHSA-2025:15106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15106"
        },
        {
          "name": "RHSA-2025:15107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15107"
        },
        {
          "name": "RHSA-2025:15709",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15709"
        },
        {
          "name": "RHSA-2025:15827",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15827"
        },
        {
          "name": "RHSA-2025:15828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15828"
        },
        {
          "name": "RHSA-2025:16524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16524"
        },
        {
          "name": "RHSA-2025:17181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17181"
        },
        {
          "name": "RHSA-2025:18219",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "name": "RHSA-2025:21885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21885"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-8941"
        },
        {
          "name": "RHBZ#2388220",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-13T12:11:55.270Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-08-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Linux-pam: incomplete fix for cve-2025-6020",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-8941",
    "datePublished": "2025-08-13T14:42:37.570Z",
    "dateReserved": "2025-08-13T12:24:47.522Z",
    "dateUpdated": "2026-02-26T17:48:41.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9288 (GCVE-0-2025-9288)

Vulnerability from cvelistv5 – Published: 2025-08-20 21:59 – Updated: 2025-11-03 18:14

Title

Missing type checks leading to hash rewind and passing on crafted data

Summary

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

Severity

9.1 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

4 references

URL	Tags
https://github.com/browserify/sha.js/security/adv…	vendor-advisory
https://github.com/browserify/sha.js/pull/78	patch
https://www.cve.org/CVERecord?id=CVE-2025-9287	related
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
		Affected: 0 , ≤ 2.4.11 (semver)

Credits

https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ljharb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9288",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:25:33.531962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T14:47:54.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:14:17.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/sha.js",
          "defaultStatus": "unaffected",
          "packageName": "sha.js",
          "repo": "https://github.com/browserify/sha.js",
          "versions": [
            {
              "lessThanOrEqual": "2.4.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "https://github.com/ljharb"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.\u003cp\u003eThis issue affects sha.js: through \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2.4.11\u003c/span\u003e.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T21:59:44.728Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/browserify/sha.js/pull/78"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing type checks leading to hash rewind and passing on crafted data",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-9288",
    "datePublished": "2025-08-20T21:59:44.728Z",
    "dateReserved": "2025-08-20T21:52:52.809Z",
    "dateUpdated": "2025-11-03T18:14:17.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-0754

Solutions

CVE-2025-49125 (GCVE-0-2025-49125)

CVE-2025-52434 (GCVE-0-2025-52434)

CVE-2025-52999 (GCVE-0-2025-52999)

CVE-2025-54410 (GCVE-0-2025-54410)

CVE-2025-55163 (GCVE-0-2025-55163)

CVE-2025-6020 (GCVE-0-2025-6020)

CVE-2025-6965 (GCVE-0-2025-6965)

CVE-2025-7425 (GCVE-0-2025-7425)

CVE-2025-8941 (GCVE-0-2025-8941)

CVE-2025-9288 (GCVE-0-2025-9288)

Tags

Sightings

Nomenclature