CVE-2025-11065 (GCVE-0-2025-11065)
Vulnerability from cvelistv5 – Published: 2026-01-26 19:36 – Updated: 2026-06-29 23:28
VLAI
Title
Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure
Summary
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-11065 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2391829 | issue-trackingx_refsource_REDHAT |
| https://github.com/go-viper/mapstructure/commit/7… | |
| https://github.com/go-viper/mapstructure/security… |
Impacted products
16 products
Date Public
2025-08-29 14:52
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T19:21:11.932692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T19:21:17.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/go-viper/mapstructure/",
"defaultStatus": "unaffected",
"packageName": "github.com/go-viper/mapstructure/v2",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"packageName": "openshift-pipelines-client",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"packageName": "rhacm2/acm-grafana-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"packageName": "rhacm2/submariner-rhel9-operator",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:certifications:1::el8"
],
"defaultStatus": "affected",
"packageName": "redhat-certification-preflight",
"product": "Red Hat Certification for Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"packageName": "redhat-certification-preflight",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "gvisor-tap-vsock",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "opentelemetry-collector",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "toolbox",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "gvisor-tap-vsock",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "opentelemetry-collector",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "toolbox",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-model-registry-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-rhel9-operator",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "microshift",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-helm-operator",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-helm-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"packageName": "devspaces/traefik-rhel9",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"packageName": "devspaces/udi-base-rhel9",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"packageName": "devspaces/udi-rhel9",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"packageName": "rhosdt/opentelemetry-collector-rhel8",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel8",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel9",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_application_pipeline:1"
],
"defaultStatus": "affected",
"packageName": "rhtap-task-runner/rhtap-task-runner-rhel9",
"product": "Red Hat Trusted Application Pipeline",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/cosign-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/fulcio-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/gitsign-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/rekor-backfill-redis-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/rekor-cli-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/rekor-server-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"packageName": "rhtas/timestamp-authority-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"packageName": "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"packageName": "zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"packageName": "zero-trust-workload-identity-manager/spiffe-spire-server-rhel9",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"packageName": "zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
}
],
"datePublic": "2025-08-29T14:52:35.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T23:28:27.767Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-11065"
},
{
"name": "RHBZ#2391829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391829"
},
{
"url": "https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"
},
{
"url": "https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-29T17:01:44.012Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-08-29T14:52:35.000Z",
"value": "Made public."
}
],
"title": "Github.com/go-viper/mapstructure/v2: go-viper\u0027s mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-11065",
"datePublished": "2026-01-26T19:36:28.900Z",
"dateReserved": "2025-09-26T12:01:08.227Z",
"dateUpdated": "2026-06-29T23:28:27.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-11065",
"date": "2026-06-30",
"epss": "0.00357",
"percentile": "0.27585"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-11065\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-01-26T20:16:06.840\",\"lastModified\":\"2026-06-30T00:16:51.197\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en github.com/go-viper/mapstructure/v2, en el componente de procesamiento de campos que utiliza mapstructure.WeakDecode. Esta vulnerabilidad permite la revelaci\u00f3n de informaci\u00f3n a trav\u00e9s de mensajes de error detallados que pueden filtrar valores de entrada sensibles a trav\u00e9s de datos malformados proporcionados por el usuario procesados en contextos cr\u00edticos para la seguridad.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com/go-viper/mapstructure/\",\"packageName\":\"github.com/go-viper/mapstructure/v2\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2.4.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-pipelines-client\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhacm2/acm-grafana-rhel9\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhacm2/submariner-rhel9-operator\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-central-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-main-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-rhel8-operator\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-roxctl-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-v4-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-v4-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification for Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"redhat-certification-preflight\",\"cpes\":[\"cpe:/a:redhat:certifications:1::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"redhat-certification-preflight\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gvisor-tap-vsock\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"opentelemetry-collector\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"toolbox\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gvisor-tap-vsock\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"opentelemetry-collector\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"toolbox\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhoai/odh-model-registry-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhoai/odh-rhel9-operator\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"microshift\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift4/ose-helm-operator\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift4/ose-helm-rhel9-operator\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"podman\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"devspaces/traefik-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"devspaces/udi-base-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"devspaces/udi-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhosdt/opentelemetry-collector-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Application Pipeline\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtap-task-runner/rhtap-task-runner-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_application_pipeline:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/cosign-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/fulcio-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/gitsign-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/rekor-backfill-redis-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/rekor-cli-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/rekor-server-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhtas/timestamp-authority-rhel9\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-03T19:21:11.932692Z\",\"id\":\"CVE-2025-11065\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-11065\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2391829\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11065\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-03T19:21:11.932692Z\"}}}], \"references\": [{\"url\": \"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-03T19:21:05.294Z\"}}], \"cna\": {\"title\": \"Github.com/go-viper/mapstructure/v2: go-viper\u0027s mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.0\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/go-viper/mapstructure/v2\", \"collectionURL\": \"https://github.com/go-viper/mapstructure/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"packageName\": \"openshift-pipelines-client\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"packageName\": \"rhacm2/acm-grafana-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"packageName\": \"rhacm2/submariner-rhel9-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-central-db-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-main-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-rhel8-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-roxctl-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-scanner-v4-db-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"packageName\": \"advanced-cluster-security/rhacs-scanner-v4-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification for Red Hat Enterprise Linux 8\", \"packageName\": \"redhat-certification-preflight\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"packageName\": \"redhat-certification-preflight\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"gvisor-tap-vsock\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"opentelemetry-collector\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"toolbox\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"gvisor-tap-vsock\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"opentelemetry-collector\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"toolbox\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"packageName\": \"rhoai/odh-model-registry-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"packageName\": \"rhoai/odh-rhel9-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"microshift\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"openshift\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"openshift4/ose-helm-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"openshift4/ose-helm-rhel9-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"packageName\": \"devspaces/traefik-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"packageName\": \"devspaces/udi-base-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"packageName\": \"devspaces/udi-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3\", \"packageName\": \"rhosdt/opentelemetry-collector-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"packageName\": \"openshift-gitops-1/argocd-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"packageName\": \"openshift-gitops-1/argocd-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_application_pipeline:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Application Pipeline\", \"packageName\": \"rhtap-task-runner/rhtap-task-runner-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/cosign-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/fulcio-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/gitsign-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/rekor-backfill-redis-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/rekor-cli-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/rekor-server-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/timestamp-authority-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"packageName\": \"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"packageName\": \"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"packageName\": \"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"packageName\": \"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-29T17:01:44.012Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-08-29T14:52:35.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-08-29T14:52:35.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-11065\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2391829\", \"name\": \"RHBZ#2391829\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c\"}, {\"url\": \"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-209\", \"description\": \"Generation of Error Message Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-29T23:28:27.767Z\"}, \"x_redhatCweChain\": \"CWE-209: Generation of Error Message Containing Sensitive Information\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-11065\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-29T23:28:27.767Z\", \"dateReserved\": \"2025-09-26T12:01:08.227Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-01-26T19:36:28.900Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…