CVE-2025-22872 (GCVE-0-2025-22872)
Vulnerability from cvelistv5 – Published: 2025-04-16 17:13 – Updated: 2025-05-16 23:03
Title
Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
Summary
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| golang.org/x/net | golang.org/x/net/html | Affected: 0, < 0.38.0 (semver) |
Credits
Sean Ng (https://ensy.zip)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T20:14:29.607584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T20:15:13.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-16T23:03:07.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250516-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "Tokenizer.readStartTag"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
},
{
"name": "Tokenizer.Next"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sean Ng (https://ensy.zip)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:13:02.550Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/662715"
},
{
"url": "https://go.dev/issue/73070"
},
{
"url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3595"
}
],
"title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-22872",
"datePublished": "2025-04-16T17:13:02.550Z",
"dateReserved": "2025-01-08T19:11:42.834Z",
"dateUpdated": "2025-05-16T23:03:07.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-22872",
"date": "2026-06-05",
"epss": "0.00017",
"percentile": "0.04449"
}
}
}
GHSA-VVGC-356P-C3XW
Vulnerability from github – Published: 2025-04-16 19:22 – Updated: 2025-05-17 18:49
Summary
golang.org/x/net vulnerable to Cross-site Scripting
Details
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/net"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.38.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22872"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-16T19:22:51Z",
"nvd_published_at": "2025-04-16T18:16:04Z",
"severity": "MODERATE"
},
"details": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"id": "GHSA-vvgc-356p-c3xw",
"modified": "2025-05-17T18:49:25Z",
"published": "2025-04-16T19:22:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22872"
},
{
"type": "WEB",
"url": "https://go.dev/cl/662715"
},
{
"type": "WEB",
"url": "https://go.dev/issue/73070"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3595"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250516-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "golang.org/x/net vulnerable to Cross-site Scripting"
}
MSRC_CVE-2025-22872
Vulnerability from csaf_microsoft - Published: 2025-04-02 00:00 - Updated: 2026-02-21 03:17
Summary
Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.5 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20303-17084 | — | ||
| Unresolved product id: 20305-17084 | — | ||
| Unresolved product id: 20252-17086 | — | ||
| Unresolved product id: 19609-17084 | — | ||
| Unresolved product id: 19969-17086 | — | ||
| Unresolved product id: 19594-17084 | — | ||
| Unresolved product id: 19963-17086 | — | ||
| Unresolved product id: 20312-17086 | — | ||
| Unresolved product id: 19939-17086 | — | ||
| Unresolved product id: 19680-17086 | — | ||
| Unresolved product id: 20382-17086 | — | ||
| Unresolved product id: 20433-17084 | — | ||
| Unresolved product id: 19332-17084 | — | ||
| Unresolved product id: 19333-17084 | — | ||
| Unresolved product id: 19334-17084 | — | ||
| Unresolved product id: 19335-17084 | — | ||
| Unresolved product id: 19336-17084 | — | ||
| Unresolved product id: 19337-17084 | — | ||
| Unresolved product id: 19338-17084 | — | ||
| Unresolved product id: 19339-17084 | — | ||
| Unresolved product id: 19340-17084 | — | ||
| Unresolved product id: 19341-17084 | — | ||
| Unresolved product id: 19342-17084 | — | ||
| Unresolved product id: 19343-17084 | — | ||
| Unresolved product id: 19344-17084 | — | ||
| Unresolved product id: 19345-17084 | — | ||
| Unresolved product id: 19346-17084 | — | ||
| Unresolved product id: 19347-17084 | — | ||
| Unresolved product id: 19348-17084 | — | ||
| Unresolved product id: 19761-17086 | — | ||
| Unresolved product id: 19782-17086 | — | ||
| Unresolved product id: 19754-17086 | — | ||
| Unresolved product id: 19698-17086 | — | ||
| Unresolved product id: 19945-17086 | — | ||
| Unresolved product id: 20004-17084 | — | ||
| Unresolved product id: 20319-17086 | — | ||
| Unresolved product id: 20321-17084 | — | ||
| Unresolved product id: 20383-17086 | — |
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-8 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-7 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-9 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-21 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-12 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-22 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-13 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-6 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-15 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-20 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-3 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-1 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-40 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-39 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-38 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-37 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-36 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-35 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-34 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-33 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-32 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-31 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-30 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-29 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-28 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-27 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-26 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-25 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-24 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-17 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-16 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-18 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-19 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-14 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-10 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-5 | — | Vendor Fix: fix | |
| Unresolved product id: 17084-4 | — | Vendor Fix: fix | |
| Unresolved product id: 17086-2 | — | Vendor Fix: fix | |
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-41 | — | ||
| Unresolved product id: 17084-42 | — | ||
| Unresolved product id: 17084-23 | — | ||
| Unresolved product id: 17084-11 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-22872.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net",
"tracking": {
"current_release_date": "2026-02-21T03:17:13.000Z",
"generator": {
"date": "2026-02-25T09:08:58.985Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-22872",
"initial_release_date": "2025-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-04-29T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-05-05T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-05-27T00:00:00.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2025-06-06T00:00:00.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Added packer to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded kubevirt to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded cni-plugins to Azure Linux 3.0\nAdded helm to Azure Linux 3.0\nAdded ig to Azure Linux 3.0\nAdded influxdb to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded cf-cli to Azure Linux 3.0\nAdded containerized-data-importer to Azure Linux 3.0\nAdded docker-compose to Azure Linux 3.0\nAdded gh to Azure Linux 3.0\nAdded kube-vip-cloud-provider to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0\nAdded keda to Azure Linux 3.0"
},
{
"date": "2025-07-10T00:00:00.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Added cert-manager to CBL-Mariner 2.0\nAdded helm to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded kubevirt to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded cert-manager to Azure Linux 3.0\nAdded containerd2 to Azure Linux 3.0\nAdded dasel to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded cni-plugins to Azure Linux 3.0\nAdded helm to Azure Linux 3.0\nAdded ig to Azure Linux 3.0\nAdded influxdb to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded cf-cli to Azure Linux 3.0\nAdded containerized-data-importer to Azure Linux 3.0\nAdded docker-compose to Azure Linux 3.0\nAdded gh to Azure Linux 3.0\nAdded kube-vip-cloud-provider to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0\nAdded keda to Azure Linux 3.0"
},
{
"date": "2026-02-21T03:17:13.000Z",
"legacy_version": "5.1",
"number": "6",
"summary": "Information published."
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cri-tools 1.32.0-2",
"product": {
"name": "\u003cazl3 cri-tools 1.32.0-2",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 cri-tools 1.32.0-2",
"product": {
"name": "azl3 cri-tools 1.32.0-2",
"product_id": "20303"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 cri-tools 1.29.0-8",
"product": {
"name": "\u003ccbl2 cri-tools 1.29.0-8",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 cri-tools 1.29.0-8",
"product": {
"name": "cbl2 cri-tools 1.29.0-8",
"product_id": "20382"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 cri-tools 1.29.0-6",
"product": {
"name": "\u003ccbl2 cri-tools 1.29.0-6",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "cbl2 cri-tools 1.29.0-6",
"product": {
"name": "cbl2 cri-tools 1.29.0-6",
"product_id": "19754"
}
}
],
"category": "product_name",
"name": "cri-tools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 docker-buildx 0.14.0-6",
"product": {
"name": "\u003cazl3 docker-buildx 0.14.0-6",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 docker-buildx 0.14.0-6",
"product": {
"name": "azl3 docker-buildx 0.14.0-6",
"product_id": "20305"
}
}
],
"category": "product_name",
"name": "docker-buildx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cert-manager 1.11.2-23",
"product": {
"name": "\u003ccbl2 cert-manager 1.11.2-23",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "cbl2 cert-manager 1.11.2-23",
"product": {
"name": "cbl2 cert-manager 1.11.2-23",
"product_id": "20252"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 1.12.15-4",
"product": {
"name": "\u003cazl3 cert-manager 1.12.15-4",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 1.12.15-4",
"product": {
"name": "azl3 cert-manager 1.12.15-4",
"product_id": "19594"
}
}
],
"category": "product_name",
"name": "cert-manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerd2 2.0.0-12",
"product": {
"name": "\u003cazl3 containerd2 2.0.0-12",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "azl3 containerd2 2.0.0-12",
"product": {
"name": "azl3 containerd2 2.0.0-12",
"product_id": "19609"
}
}
],
"category": "product_name",
"name": "containerd2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cni-plugins 1.3.0-8",
"product": {
"name": "\u003ccbl2 cni-plugins 1.3.0-8",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "cbl2 cni-plugins 1.3.0-8",
"product": {
"name": "cbl2 cni-plugins 1.3.0-8",
"product_id": "19969"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cni-plugins 1.4.0-3",
"product": {
"name": "\u003cazl3 cni-plugins 1.4.0-3",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "azl3 cni-plugins 1.4.0-3",
"product": {
"name": "azl3 cni-plugins 1.4.0-3",
"product_id": "19348"
}
}
],
"category": "product_name",
"name": "cni-plugins"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 helm 3.14.2-6",
"product": {
"name": "\u003ccbl2 helm 3.14.2-6",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "cbl2 helm 3.14.2-6",
"product": {
"name": "cbl2 helm 3.14.2-6",
"product_id": "19963"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 helm 3.15.2-3",
"product": {
"name": "\u003cazl3 helm 3.15.2-3",
"product_id": "39"
}
},
{
"category": "product_version",
"name": "azl3 helm 3.15.2-3",
"product": {
"name": "azl3 helm 3.15.2-3",
"product_id": "19333"
}
}
],
"category": "product_name",
"name": "helm"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 multus 4.0.2-8",
"product": {
"name": "\u003ccbl2 multus 4.0.2-8",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "cbl2 multus 4.0.2-8",
"product": {
"name": "cbl2 multus 4.0.2-8",
"product_id": "20312"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 multus 4.0.2-5",
"product": {
"name": "\u003cazl3 multus 4.0.2-5",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "azl3 multus 4.0.2-5",
"product": {
"name": "azl3 multus 4.0.2-5",
"product_id": "19345"
}
}
],
"category": "product_name",
"name": "multus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 telegraf 1.29.4-16",
"product": {
"name": "\u003ccbl2 telegraf 1.29.4-16",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "cbl2 telegraf 1.29.4-16",
"product": {
"name": "cbl2 telegraf 1.29.4-16",
"product_id": "19939"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 telegraf 1.31.0-10",
"product": {
"name": "\u003cazl3 telegraf 1.31.0-10",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "azl3 telegraf 1.31.0-10",
"product": {
"name": "azl3 telegraf 1.31.0-10",
"product_id": "19343"
}
}
],
"category": "product_name",
"name": "telegraf"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 sriov-network-device-plugin 3.6.2-9",
"product": {
"name": "\u003ccbl2 sriov-network-device-plugin 3.6.2-9",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "cbl2 sriov-network-device-plugin 3.6.2-9",
"product": {
"name": "cbl2 sriov-network-device-plugin 3.6.2-9",
"product_id": "19680"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-4",
"product": {
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-4",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "azl3 sriov-network-device-plugin 3.7.0-4",
"product": {
"name": "azl3 sriov-network-device-plugin 3.7.0-4",
"product_id": "19341"
}
}
],
"category": "product_name",
"name": "sriov-network-device-plugin"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-2",
"product": {
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 nvidia-container-toolkit 1.17.8-2",
"product": {
"name": "azl3 nvidia-container-toolkit 1.17.8-2",
"product_id": "20433"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-1",
"product": {
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 nvidia-container-toolkit 1.17.8-1",
"product": {
"name": "cbl2 nvidia-container-toolkit 1.17.8-1",
"product_id": "20319"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-1",
"product": {
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 nvidia-container-toolkit 1.17.8-1",
"product": {
"name": "azl3 nvidia-container-toolkit 1.17.8-1",
"product_id": "20321"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-3",
"product": {
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 nvidia-container-toolkit 1.17.8-3",
"product": {
"name": "cbl2 nvidia-container-toolkit 1.17.8-3",
"product_id": "20383"
}
}
],
"category": "product_name",
"name": "nvidia-container-toolkit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kube-vip-cloud-provider 0.0.10-4",
"product": {
"name": "\u003cazl3 kube-vip-cloud-provider 0.0.10-4",
"product_id": "40"
}
},
{
"category": "product_version",
"name": "azl3 kube-vip-cloud-provider 0.0.10-4",
"product": {
"name": "azl3 kube-vip-cloud-provider 0.0.10-4",
"product_id": "19332"
}
}
],
"category": "product_name",
"name": "kube-vip-cloud-provider"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 docker-compose 2.27.0-5",
"product": {
"name": "\u003cazl3 docker-compose 2.27.0-5",
"product_id": "38"
}
},
{
"category": "product_version",
"name": "azl3 docker-compose 2.27.0-5",
"product": {
"name": "azl3 docker-compose 2.27.0-5",
"product_id": "19334"
}
}
],
"category": "product_name",
"name": "docker-compose"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 packer 1.9.5-9",
"product": {
"name": "\u003cazl3 packer 1.9.5-9",
"product_id": "37"
}
},
{
"category": "product_version",
"name": "azl3 packer 1.9.5-9",
"product": {
"name": "azl3 packer 1.9.5-9",
"product_id": "19335"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 packer 1.9.5-13",
"product": {
"name": "\u003ccbl2 packer 1.9.5-13",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "cbl2 packer 1.9.5-13",
"product": {
"name": "cbl2 packer 1.9.5-13",
"product_id": "19945"
}
}
],
"category": "product_name",
"name": "packer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus-adapter 0.12.0-3",
"product": {
"name": "\u003cazl3 prometheus-adapter 0.12.0-3",
"product_id": "36"
}
},
{
"category": "product_version",
"name": "azl3 prometheus-adapter 0.12.0-3",
"product": {
"name": "azl3 prometheus-adapter 0.12.0-3",
"product_id": "19336"
}
}
],
"category": "product_name",
"name": "prometheus-adapter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cf-cli 8.7.11-3",
"product": {
"name": "\u003cazl3 cf-cli 8.7.11-3",
"product_id": "35"
}
},
{
"category": "product_version",
"name": "azl3 cf-cli 8.7.11-3",
"product": {
"name": "azl3 cf-cli 8.7.11-3",
"product_id": "19337"
}
}
],
"category": "product_name",
"name": "cf-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 gh 2.62.0-8",
"product": {
"name": "\u003cazl3 gh 2.62.0-8",
"product_id": "34"
}
},
{
"category": "product_version",
"name": "azl3 gh 2.62.0-8",
"product": {
"name": "azl3 gh 2.62.0-8",
"product_id": "19338"
}
}
],
"category": "product_name",
"name": "gh"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 1.2.0-17",
"product": {
"name": "\u003cazl3 kubevirt 1.2.0-17",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.2.0-17",
"product": {
"name": "azl3 kubevirt 1.2.0-17",
"product_id": "19339"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-28",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-28",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-28",
"product": {
"name": "cbl2 kubevirt 0.59.0-28",
"product_id": "19782"
}
}
],
"category": "product_name",
"name": "kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 1.30.10-7",
"product": {
"name": "\u003cazl3 kubernetes 1.30.10-7",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 1.30.10-7",
"product": {
"name": "azl3 kubernetes 1.30.10-7",
"product_id": "19340"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubernetes 1.28.4-18",
"product": {
"name": "\u003ccbl2 kubernetes 1.28.4-18",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "cbl2 kubernetes 1.28.4-18",
"product": {
"name": "cbl2 kubernetes 1.28.4-18",
"product_id": "19761"
}
}
],
"category": "product_name",
"name": "kubernetes"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 ig 0.37.0-4",
"product": {
"name": "\u003cazl3 ig 0.37.0-4",
"product_id": "30"
}
},
{
"category": "product_version",
"name": "azl3 ig 0.37.0-4",
"product": {
"name": "azl3 ig 0.37.0-4",
"product_id": "19342"
}
}
],
"category": "product_name",
"name": "ig"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 influxdb 2.7.5-5",
"product": {
"name": "\u003cazl3 influxdb 2.7.5-5",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "azl3 influxdb 2.7.5-5",
"product": {
"name": "azl3 influxdb 2.7.5-5",
"product_id": "19344"
}
}
],
"category": "product_name",
"name": "influxdb"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerized-data-importer 1.57.0-14",
"product": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-14",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "azl3 containerized-data-importer 1.57.0-14",
"product": {
"name": "azl3 containerized-data-importer 1.57.0-14",
"product_id": "19346"
}
}
],
"category": "product_name",
"name": "containerized-data-importer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 keda 2.14.1-7",
"product": {
"name": "\u003cazl3 keda 2.14.1-7",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "azl3 keda 2.14.1-7",
"product": {
"name": "azl3 keda 2.14.1-7",
"product_id": "19347"
}
}
],
"category": "product_name",
"name": "keda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 vitess 17.0.7-8",
"product": {
"name": "\u003ccbl2 vitess 17.0.7-8",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "cbl2 vitess 17.0.7-8",
"product": {
"name": "cbl2 vitess 17.0.7-8",
"product_id": "19698"
}
}
],
"category": "product_name",
"name": "vitess"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 dasel 2.8.1-2",
"product": {
"name": "\u003cazl3 dasel 2.8.1-2",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "azl3 dasel 2.8.1-2",
"product": {
"name": "azl3 dasel 2.8.1-2",
"product_id": "20004"
}
}
],
"category": "product_name",
"name": "dasel"
},
{
"category": "product_name",
"name": "azl3 node-problem-detector 0.8.20-2",
"product": {
"name": "azl3 node-problem-detector 0.8.20-2",
"product_id": "41"
}
},
{
"category": "product_name",
"name": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "azl3 libcontainers-common 20240213-3",
"product_id": "42"
}
},
{
"category": "product_name",
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-2",
"product": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-2",
"product_id": "23"
}
},
{
"category": "product_name",
"name": "azl3 cloud-provider-kubevirt 0.5.1-1",
"product": {
"name": "azl3 cloud-provider-kubevirt 0.5.1-1",
"product_id": "11"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cri-tools 1.32.0-2 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cri-tools 1.32.0-2 as a component of Azure Linux 3.0",
"product_id": "20303-17084"
},
"product_reference": "20303",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-buildx 0.14.0-6 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-buildx 0.14.0-6 as a component of Azure Linux 3.0",
"product_id": "20305-17084"
},
"product_reference": "20305",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cert-manager 1.11.2-23 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cert-manager 1.11.2-23 as a component of CBL Mariner 2.0",
"product_id": "20252-17086"
},
"product_reference": "20252",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerd2 2.0.0-12 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerd2 2.0.0-12 as a component of Azure Linux 3.0",
"product_id": "19609-17084"
},
"product_reference": "19609",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cni-plugins 1.3.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-12"
},
"product_reference": "12",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cni-plugins 1.3.0-8 as a component of CBL Mariner 2.0",
"product_id": "19969-17086"
},
"product_reference": "19969",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 node-problem-detector 0.8.20-2 as a component of Azure Linux 3.0",
"product_id": "17084-41"
},
"product_reference": "41",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 1.12.15-4 as a component of Azure Linux 3.0",
"product_id": "17084-22"
},
"product_reference": "22",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 1.12.15-4 as a component of Azure Linux 3.0",
"product_id": "19594-17084"
},
"product_reference": "19594",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 helm 3.14.2-6 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 helm 3.14.2-6 as a component of CBL Mariner 2.0",
"product_id": "19963-17086"
},
"product_reference": "19963",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 multus 4.0.2-8 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 multus 4.0.2-8 as a component of CBL Mariner 2.0",
"product_id": "20312-17086"
},
"product_reference": "20312",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 telegraf 1.29.4-16 as a component of CBL Mariner 2.0",
"product_id": "17086-15"
},
"product_reference": "15",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 telegraf 1.29.4-16 as a component of CBL Mariner 2.0",
"product_id": "19939-17086"
},
"product_reference": "19939",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 sriov-network-device-plugin 3.6.2-9 as a component of CBL Mariner 2.0",
"product_id": "17086-20"
},
"product_reference": "20",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 sriov-network-device-plugin 3.6.2-9 as a component of CBL Mariner 2.0",
"product_id": "19680-17086"
},
"product_reference": "19680",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cri-tools 1.29.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cri-tools 1.29.0-8 as a component of CBL Mariner 2.0",
"product_id": "20382-17086"
},
"product_reference": "20382",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nvidia-container-toolkit 1.17.8-2 as a component of Azure Linux 3.0",
"product_id": "20433-17084"
},
"product_reference": "20433",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kube-vip-cloud-provider 0.0.10-4 as a component of Azure Linux 3.0",
"product_id": "17084-40"
},
"product_reference": "40",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kube-vip-cloud-provider 0.0.10-4 as a component of Azure Linux 3.0",
"product_id": "19332-17084"
},
"product_reference": "19332",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 helm 3.15.2-3 as a component of Azure Linux 3.0",
"product_id": "17084-39"
},
"product_reference": "39",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 helm 3.15.2-3 as a component of Azure Linux 3.0",
"product_id": "19333-17084"
},
"product_reference": "19333",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-compose 2.27.0-5 as a component of Azure Linux 3.0",
"product_id": "17084-38"
},
"product_reference": "38",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-compose 2.27.0-5 as a component of Azure Linux 3.0",
"product_id": "19334-17084"
},
"product_reference": "19334",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 packer 1.9.5-9 as a component of Azure Linux 3.0",
"product_id": "17084-37"
},
"product_reference": "37",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 packer 1.9.5-9 as a component of Azure Linux 3.0",
"product_id": "19335-17084"
},
"product_reference": "19335",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus-adapter 0.12.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-36"
},
"product_reference": "36",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus-adapter 0.12.0-3 as a component of Azure Linux 3.0",
"product_id": "19336-17084"
},
"product_reference": "19336",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cf-cli 8.7.11-3 as a component of Azure Linux 3.0",
"product_id": "17084-35"
},
"product_reference": "35",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cf-cli 8.7.11-3 as a component of Azure Linux 3.0",
"product_id": "19337-17084"
},
"product_reference": "19337",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 gh 2.62.0-8 as a component of Azure Linux 3.0",
"product_id": "17084-34"
},
"product_reference": "34",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gh 2.62.0-8 as a component of Azure Linux 3.0",
"product_id": "19338-17084"
},
"product_reference": "19338",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 1.2.0-17 as a component of Azure Linux 3.0",
"product_id": "17084-33"
},
"product_reference": "33",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 1.2.0-17 as a component of Azure Linux 3.0",
"product_id": "19339-17084"
},
"product_reference": "19339",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 1.30.10-7 as a component of Azure Linux 3.0",
"product_id": "17084-32"
},
"product_reference": "32",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 1.30.10-7 as a component of Azure Linux 3.0",
"product_id": "19340-17084"
},
"product_reference": "19340",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-4 as a component of Azure Linux 3.0",
"product_id": "17084-31"
},
"product_reference": "31",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 sriov-network-device-plugin 3.7.0-4 as a component of Azure Linux 3.0",
"product_id": "19341-17084"
},
"product_reference": "19341",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 ig 0.37.0-4 as a component of Azure Linux 3.0",
"product_id": "17084-30"
},
"product_reference": "30",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ig 0.37.0-4 as a component of Azure Linux 3.0",
"product_id": "19342-17084"
},
"product_reference": "19342",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 telegraf 1.31.0-10 as a component of Azure Linux 3.0",
"product_id": "17084-29"
},
"product_reference": "29",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 1.31.0-10 as a component of Azure Linux 3.0",
"product_id": "19343-17084"
},
"product_reference": "19343",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 influxdb 2.7.5-5 as a component of Azure Linux 3.0",
"product_id": "17084-28"
},
"product_reference": "28",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 influxdb 2.7.5-5 as a component of Azure Linux 3.0",
"product_id": "19344-17084"
},
"product_reference": "19344",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 4.0.2-5 as a component of Azure Linux 3.0",
"product_id": "17084-27"
},
"product_reference": "27",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 4.0.2-5 as a component of Azure Linux 3.0",
"product_id": "19345-17084"
},
"product_reference": "19345",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-14 as a component of Azure Linux 3.0",
"product_id": "17084-26"
},
"product_reference": "26",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerized-data-importer 1.57.0-14 as a component of Azure Linux 3.0",
"product_id": "19346-17084"
},
"product_reference": "19346",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 keda 2.14.1-7 as a component of Azure Linux 3.0",
"product_id": "17084-25"
},
"product_reference": "25",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 keda 2.14.1-7 as a component of Azure Linux 3.0",
"product_id": "19347-17084"
},
"product_reference": "19347",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cni-plugins 1.4.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-24"
},
"product_reference": "24",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cni-plugins 1.4.0-3 as a component of Azure Linux 3.0",
"product_id": "19348-17084"
},
"product_reference": "19348",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libcontainers-common 20240213-3 as a component of Azure Linux 3.0",
"product_id": "17084-42"
},
"product_reference": "42",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-2 as a component of Azure Linux 3.0",
"product_id": "17084-23"
},
"product_reference": "23",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubernetes 1.28.4-18 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubernetes 1.28.4-18 as a component of CBL Mariner 2.0",
"product_id": "19761-17086"
},
"product_reference": "19761",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cloud-provider-kubevirt 0.5.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-28 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-28 as a component of CBL Mariner 2.0",
"product_id": "19782-17086"
},
"product_reference": "19782",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cri-tools 1.29.0-6 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cri-tools 1.29.0-6 as a component of CBL Mariner 2.0",
"product_id": "19754-17086"
},
"product_reference": "19754",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 vitess 17.0.7-8 as a component of CBL Mariner 2.0",
"product_id": "17086-19"
},
"product_reference": "19",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 vitess 17.0.7-8 as a component of CBL Mariner 2.0",
"product_id": "19698-17086"
},
"product_reference": "19698",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 packer 1.9.5-13 as a component of CBL Mariner 2.0",
"product_id": "17086-14"
},
"product_reference": "14",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 packer 1.9.5-13 as a component of CBL Mariner 2.0",
"product_id": "19945-17086"
},
"product_reference": "19945",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 dasel 2.8.1-2 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 dasel 2.8.1-2 as a component of Azure Linux 3.0",
"product_id": "20004-17084"
},
"product_reference": "20004",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nvidia-container-toolkit 1.17.8-1 as a component of CBL Mariner 2.0",
"product_id": "20319-17086"
},
"product_reference": "20319",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nvidia-container-toolkit 1.17.8-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nvidia-container-toolkit 1.17.8-1 as a component of Azure Linux 3.0",
"product_id": "20321-17084"
},
"product_reference": "20321",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nvidia-container-toolkit 1.17.8-3 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nvidia-container-toolkit 1.17.8-3 as a component of CBL Mariner 2.0",
"product_id": "20383-17086"
},
"product_reference": "20383",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-41",
"17084-42",
"17084-23",
"17084-11"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20303-17084",
"20305-17084",
"20252-17086",
"19609-17084",
"19969-17086",
"19594-17084",
"19963-17086",
"20312-17086",
"19939-17086",
"19680-17086",
"20382-17086",
"20433-17084",
"19332-17084",
"19333-17084",
"19334-17084",
"19335-17084",
"19336-17084",
"19337-17084",
"19338-17084",
"19339-17084",
"19340-17084",
"19341-17084",
"19342-17084",
"19343-17084",
"19344-17084",
"19345-17084",
"19346-17084",
"19347-17084",
"19348-17084",
"19761-17086",
"19782-17086",
"19754-17086",
"19698-17086",
"19945-17086",
"20004-17084",
"20319-17086",
"20321-17084",
"20383-17086"
],
"known_affected": [
"17084-8",
"17084-7",
"17086-9",
"17084-21",
"17086-12",
"17084-22",
"17086-13",
"17086-6",
"17086-15",
"17086-20",
"17086-3",
"17084-1",
"17084-40",
"17084-39",
"17084-38",
"17084-37",
"17084-36",
"17084-35",
"17084-34",
"17084-33",
"17084-32",
"17084-31",
"17084-30",
"17084-29",
"17084-28",
"17084-27",
"17084-26",
"17084-25",
"17084-24",
"17086-17",
"17086-16",
"17086-18",
"17086-19",
"17086-14",
"17084-10",
"17086-5",
"17084-4",
"17086-2"
],
"known_not_affected": [
"17084-41",
"17084-42",
"17084-23",
"17084-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-22872.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.32.0-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "0.14.0-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.11.2-23:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.0.0-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-21"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.3.0-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-12"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.12.15-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-22"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "3.14.2-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "4.0.2-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.29.4-16:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-15"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "3.6.2-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-20"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.29.0-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.17.8-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17086-5",
"17084-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "0.0.10-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-40"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "3.15.2-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-39"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.27.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-38"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.9.5-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-37"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "0.12.0-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-36"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "8.7.11-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-35"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.62.0-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-34"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.2.0-17:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-33"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.30.10-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-32"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "3.7.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-31"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "0.37.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-30"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.31.0-10:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-29"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.7.5-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-28"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "4.0.2-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-27"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.57.0-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-26"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.14.1-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-25"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.4.0-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-24"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.28.4-18:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "0.59.0-28:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-16"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.29.0-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-18"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "17.0.7-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-19"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.9.5-13:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-14"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "2.8.1-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-04-29T00:00:00.000Z",
"details": "1.17.8-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"17084-8",
"17084-7",
"17086-9",
"17084-21",
"17086-12",
"17084-22",
"17086-13",
"17086-6",
"17086-15",
"17086-20",
"17086-3",
"17084-1",
"17084-40",
"17084-39",
"17084-38",
"17084-37",
"17084-36",
"17084-35",
"17084-34",
"17084-33",
"17084-32",
"17084-31",
"17084-30",
"17084-29",
"17084-28",
"17084-27",
"17084-26",
"17084-25",
"17084-24",
"17086-17",
"17086-16",
"17086-18",
"17086-19",
"17086-14",
"17084-10",
"17086-5",
"17084-4",
"17086-2"
]
}
],
"title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
}
]
}
OPENSUSE-SU-2025:15008-1
Vulnerability from csaf_opensuse - Published: 2025-04-17 00:00 - Updated: 2025-04-17 00:00
Summary
govulncheck-vulndb-0.0.20250416T165455-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250416T165455-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250416T165455-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15008
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250416T165455-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250416T165455-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15008",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15008-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "govulncheck-vulndb-0.0.20250416T165455-1.1 on GA media",
"tracking": {
"current_release_date": "2025-04-17T00:00:00Z",
"generator": {
"date": "2025-04-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15008-1",
"initial_release_date": "2025-04-17T00:00:00Z",
"revision_history": [
{
"date": "2025-04-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250416T165455-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250416T165455-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15028-1
Vulnerability from csaf_opensuse - Published: 2025-04-25 00:00 - Updated: 2025-04-25 00:00
Summary
distrobuilder-3.2-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: distrobuilder-3.2-2.1 on GA media
Description of the patch: These are all security issues fixed in the distrobuilder-3.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15028
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distrobuilder-3.2-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distrobuilder-3.2-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distrobuilder-3.2-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distrobuilder-3.2-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "distrobuilder-3.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the distrobuilder-3.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15028",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15028-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "distrobuilder-3.2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-04-25T00:00:00Z",
"generator": {
"date": "2025-04-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15028-1",
"initial_release_date": "2025-04-25T00:00:00Z",
"revision_history": [
{
"date": "2025-04-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "distrobuilder-3.2-2.1.aarch64",
"product": {
"name": "distrobuilder-3.2-2.1.aarch64",
"product_id": "distrobuilder-3.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "distrobuilder-3.2-2.1.ppc64le",
"product": {
"name": "distrobuilder-3.2-2.1.ppc64le",
"product_id": "distrobuilder-3.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distrobuilder-3.2-2.1.s390x",
"product": {
"name": "distrobuilder-3.2-2.1.s390x",
"product_id": "distrobuilder-3.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distrobuilder-3.2-2.1.x86_64",
"product": {
"name": "distrobuilder-3.2-2.1.x86_64",
"product_id": "distrobuilder-3.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distrobuilder-3.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distrobuilder-3.2-2.1.aarch64"
},
"product_reference": "distrobuilder-3.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distrobuilder-3.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distrobuilder-3.2-2.1.ppc64le"
},
"product_reference": "distrobuilder-3.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distrobuilder-3.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distrobuilder-3.2-2.1.s390x"
},
"product_reference": "distrobuilder-3.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distrobuilder-3.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distrobuilder-3.2-2.1.x86_64"
},
"product_reference": "distrobuilder-3.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.aarch64",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.ppc64le",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.s390x",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.aarch64",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.ppc64le",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.s390x",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.aarch64",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.ppc64le",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.s390x",
"openSUSE Tumbleweed:distrobuilder-3.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15034-1
Vulnerability from csaf_opensuse - Published: 2025-04-26 00:00 - Updated: 2025-04-26 00:00
Summary
subfinder-2.7.0-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: subfinder-2.7.0-3.1 on GA media
Description of the patch: These are all security issues fixed in the subfinder-2.7.0-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15034
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:subfinder-2.7.0-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:subfinder-2.7.0-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:subfinder-2.7.0-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:subfinder-2.7.0-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "subfinder-2.7.0-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the subfinder-2.7.0-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15034",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15034-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15034-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJN6I53PLG7NO5USQWWJUIVQTZDQDRHC/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15034-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJN6I53PLG7NO5USQWWJUIVQTZDQDRHC/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "subfinder-2.7.0-3.1 on GA media",
"tracking": {
"current_release_date": "2025-04-26T00:00:00Z",
"generator": {
"date": "2025-04-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15034-1",
"initial_release_date": "2025-04-26T00:00:00Z",
"revision_history": [
{
"date": "2025-04-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "subfinder-2.7.0-3.1.aarch64",
"product": {
"name": "subfinder-2.7.0-3.1.aarch64",
"product_id": "subfinder-2.7.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "subfinder-2.7.0-3.1.ppc64le",
"product": {
"name": "subfinder-2.7.0-3.1.ppc64le",
"product_id": "subfinder-2.7.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "subfinder-2.7.0-3.1.s390x",
"product": {
"name": "subfinder-2.7.0-3.1.s390x",
"product_id": "subfinder-2.7.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "subfinder-2.7.0-3.1.x86_64",
"product": {
"name": "subfinder-2.7.0-3.1.x86_64",
"product_id": "subfinder-2.7.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "subfinder-2.7.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:subfinder-2.7.0-3.1.aarch64"
},
"product_reference": "subfinder-2.7.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "subfinder-2.7.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:subfinder-2.7.0-3.1.ppc64le"
},
"product_reference": "subfinder-2.7.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "subfinder-2.7.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:subfinder-2.7.0-3.1.s390x"
},
"product_reference": "subfinder-2.7.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "subfinder-2.7.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:subfinder-2.7.0-3.1.x86_64"
},
"product_reference": "subfinder-2.7.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.aarch64",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.ppc64le",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.s390x",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.aarch64",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.ppc64le",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.s390x",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.aarch64",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.ppc64le",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.s390x",
"openSUSE Tumbleweed:subfinder-2.7.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15036-1
Vulnerability from csaf_opensuse - Published: 2025-04-27 00:00 - Updated: 2025-04-27 00:00
Summary
glow-2.1.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: glow-2.1.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the glow-2.1.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15036
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glow-2.1.0-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-2.1.0-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-2.1.0-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-2.1.0-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "glow-2.1.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the glow-2.1.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15036",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15036-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15036-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPKEZWS6JMWB5YHJ6IJNYFNNGZGXQM55/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15036-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPKEZWS6JMWB5YHJ6IJNYFNNGZGXQM55/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "glow-2.1.0-2.1 on GA media",
"tracking": {
"current_release_date": "2025-04-27T00:00:00Z",
"generator": {
"date": "2025-04-27T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15036-1",
"initial_release_date": "2025-04-27T00:00:00Z",
"revision_history": [
{
"date": "2025-04-27T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glow-2.1.0-2.1.aarch64",
"product": {
"name": "glow-2.1.0-2.1.aarch64",
"product_id": "glow-2.1.0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "glow-bash-completion-2.1.0-2.1.aarch64",
"product": {
"name": "glow-bash-completion-2.1.0-2.1.aarch64",
"product_id": "glow-bash-completion-2.1.0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "glow-fish-completion-2.1.0-2.1.aarch64",
"product": {
"name": "glow-fish-completion-2.1.0-2.1.aarch64",
"product_id": "glow-fish-completion-2.1.0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "glow-zsh-completion-2.1.0-2.1.aarch64",
"product": {
"name": "glow-zsh-completion-2.1.0-2.1.aarch64",
"product_id": "glow-zsh-completion-2.1.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "glow-2.1.0-2.1.ppc64le",
"product": {
"name": "glow-2.1.0-2.1.ppc64le",
"product_id": "glow-2.1.0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "glow-bash-completion-2.1.0-2.1.ppc64le",
"product": {
"name": "glow-bash-completion-2.1.0-2.1.ppc64le",
"product_id": "glow-bash-completion-2.1.0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "glow-fish-completion-2.1.0-2.1.ppc64le",
"product": {
"name": "glow-fish-completion-2.1.0-2.1.ppc64le",
"product_id": "glow-fish-completion-2.1.0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "glow-zsh-completion-2.1.0-2.1.ppc64le",
"product": {
"name": "glow-zsh-completion-2.1.0-2.1.ppc64le",
"product_id": "glow-zsh-completion-2.1.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "glow-2.1.0-2.1.s390x",
"product": {
"name": "glow-2.1.0-2.1.s390x",
"product_id": "glow-2.1.0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "glow-bash-completion-2.1.0-2.1.s390x",
"product": {
"name": "glow-bash-completion-2.1.0-2.1.s390x",
"product_id": "glow-bash-completion-2.1.0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "glow-fish-completion-2.1.0-2.1.s390x",
"product": {
"name": "glow-fish-completion-2.1.0-2.1.s390x",
"product_id": "glow-fish-completion-2.1.0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "glow-zsh-completion-2.1.0-2.1.s390x",
"product": {
"name": "glow-zsh-completion-2.1.0-2.1.s390x",
"product_id": "glow-zsh-completion-2.1.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glow-2.1.0-2.1.x86_64",
"product": {
"name": "glow-2.1.0-2.1.x86_64",
"product_id": "glow-2.1.0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "glow-bash-completion-2.1.0-2.1.x86_64",
"product": {
"name": "glow-bash-completion-2.1.0-2.1.x86_64",
"product_id": "glow-bash-completion-2.1.0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "glow-fish-completion-2.1.0-2.1.x86_64",
"product": {
"name": "glow-fish-completion-2.1.0-2.1.x86_64",
"product_id": "glow-fish-completion-2.1.0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "glow-zsh-completion-2.1.0-2.1.x86_64",
"product": {
"name": "glow-zsh-completion-2.1.0-2.1.x86_64",
"product_id": "glow-zsh-completion-2.1.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-2.1.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-2.1.0-2.1.aarch64"
},
"product_reference": "glow-2.1.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-2.1.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-2.1.0-2.1.ppc64le"
},
"product_reference": "glow-2.1.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-2.1.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-2.1.0-2.1.s390x"
},
"product_reference": "glow-2.1.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-2.1.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-2.1.0-2.1.x86_64"
},
"product_reference": "glow-2.1.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-bash-completion-2.1.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.aarch64"
},
"product_reference": "glow-bash-completion-2.1.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-bash-completion-2.1.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.ppc64le"
},
"product_reference": "glow-bash-completion-2.1.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-bash-completion-2.1.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.s390x"
},
"product_reference": "glow-bash-completion-2.1.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-bash-completion-2.1.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.x86_64"
},
"product_reference": "glow-bash-completion-2.1.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-fish-completion-2.1.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.aarch64"
},
"product_reference": "glow-fish-completion-2.1.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-fish-completion-2.1.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.ppc64le"
},
"product_reference": "glow-fish-completion-2.1.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-fish-completion-2.1.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.s390x"
},
"product_reference": "glow-fish-completion-2.1.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-fish-completion-2.1.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.x86_64"
},
"product_reference": "glow-fish-completion-2.1.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-zsh-completion-2.1.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.aarch64"
},
"product_reference": "glow-zsh-completion-2.1.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-zsh-completion-2.1.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.ppc64le"
},
"product_reference": "glow-zsh-completion-2.1.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-zsh-completion-2.1.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.s390x"
},
"product_reference": "glow-zsh-completion-2.1.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glow-zsh-completion-2.1.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.x86_64"
},
"product_reference": "glow-zsh-completion-2.1.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glow-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glow-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glow-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-bash-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-fish-completion-2.1.0-2.1.x86_64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.aarch64",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.s390x",
"openSUSE Tumbleweed:glow-zsh-completion-2.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15046-1
Vulnerability from csaf_opensuse - Published: 2025-05-02 00:00 - Updated: 2025-05-02 00:00
Summary
docker-28.1.1_ce-16.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-28.1.1_ce-16.1 on GA media
Description of the patch: These are all security issues fixed in the docker-28.1.1_ce-16.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15046
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-28.1.1_ce-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-28.1.1_ce-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-28.1.1_ce-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-28.1.1_ce-16.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-28.1.1_ce-16.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-28.1.1_ce-16.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15046",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15046-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "docker-28.1.1_ce-16.1 on GA media",
"tracking": {
"current_release_date": "2025-05-02T00:00:00Z",
"generator": {
"date": "2025-05-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15046-1",
"initial_release_date": "2025-05-02T00:00:00Z",
"revision_history": [
{
"date": "2025-05-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-28.1.1_ce-16.1.aarch64",
"product": {
"name": "docker-28.1.1_ce-16.1.aarch64",
"product_id": "docker-28.1.1_ce-16.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-28.1.1_ce-16.1.aarch64",
"product": {
"name": "docker-bash-completion-28.1.1_ce-16.1.aarch64",
"product_id": "docker-bash-completion-28.1.1_ce-16.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.23.0-16.1.aarch64",
"product": {
"name": "docker-buildx-0.23.0-16.1.aarch64",
"product_id": "docker-buildx-0.23.0-16.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.1.1_ce-16.1.aarch64",
"product": {
"name": "docker-fish-completion-28.1.1_ce-16.1.aarch64",
"product_id": "docker-fish-completion-28.1.1_ce-16.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"product": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"product_id": "docker-rootless-extras-28.1.1_ce-16.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"product": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"product_id": "docker-zsh-completion-28.1.1_ce-16.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.1.1_ce-16.1.ppc64le",
"product": {
"name": "docker-28.1.1_ce-16.1.ppc64le",
"product_id": "docker-28.1.1_ce-16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"product": {
"name": "docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"product_id": "docker-bash-completion-28.1.1_ce-16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.23.0-16.1.ppc64le",
"product": {
"name": "docker-buildx-0.23.0-16.1.ppc64le",
"product_id": "docker-buildx-0.23.0-16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"product": {
"name": "docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"product_id": "docker-fish-completion-28.1.1_ce-16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"product": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"product_id": "docker-rootless-extras-28.1.1_ce-16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"product": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"product_id": "docker-zsh-completion-28.1.1_ce-16.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.1.1_ce-16.1.s390x",
"product": {
"name": "docker-28.1.1_ce-16.1.s390x",
"product_id": "docker-28.1.1_ce-16.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-28.1.1_ce-16.1.s390x",
"product": {
"name": "docker-bash-completion-28.1.1_ce-16.1.s390x",
"product_id": "docker-bash-completion-28.1.1_ce-16.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.23.0-16.1.s390x",
"product": {
"name": "docker-buildx-0.23.0-16.1.s390x",
"product_id": "docker-buildx-0.23.0-16.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.1.1_ce-16.1.s390x",
"product": {
"name": "docker-fish-completion-28.1.1_ce-16.1.s390x",
"product_id": "docker-fish-completion-28.1.1_ce-16.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.1.1_ce-16.1.s390x",
"product": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.s390x",
"product_id": "docker-rootless-extras-28.1.1_ce-16.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.1.1_ce-16.1.s390x",
"product": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.s390x",
"product_id": "docker-zsh-completion-28.1.1_ce-16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.1.1_ce-16.1.x86_64",
"product": {
"name": "docker-28.1.1_ce-16.1.x86_64",
"product_id": "docker-28.1.1_ce-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-28.1.1_ce-16.1.x86_64",
"product": {
"name": "docker-bash-completion-28.1.1_ce-16.1.x86_64",
"product_id": "docker-bash-completion-28.1.1_ce-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.23.0-16.1.x86_64",
"product": {
"name": "docker-buildx-0.23.0-16.1.x86_64",
"product_id": "docker-buildx-0.23.0-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.1.1_ce-16.1.x86_64",
"product": {
"name": "docker-fish-completion-28.1.1_ce-16.1.x86_64",
"product_id": "docker-fish-completion-28.1.1_ce-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"product": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"product_id": "docker-rootless-extras-28.1.1_ce-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.1.1_ce-16.1.x86_64",
"product": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.x86_64",
"product_id": "docker-zsh-completion-28.1.1_ce-16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.1.1_ce-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-28.1.1_ce-16.1.aarch64"
},
"product_reference": "docker-28.1.1_ce-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.1.1_ce-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-28.1.1_ce-16.1.ppc64le"
},
"product_reference": "docker-28.1.1_ce-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.1.1_ce-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-28.1.1_ce-16.1.s390x"
},
"product_reference": "docker-28.1.1_ce-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.1.1_ce-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-28.1.1_ce-16.1.x86_64"
},
"product_reference": "docker-28.1.1_ce-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.1.1_ce-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.aarch64"
},
"product_reference": "docker-bash-completion-28.1.1_ce-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.1.1_ce-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.ppc64le"
},
"product_reference": "docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.1.1_ce-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.s390x"
},
"product_reference": "docker-bash-completion-28.1.1_ce-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.1.1_ce-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.x86_64"
},
"product_reference": "docker-bash-completion-28.1.1_ce-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.23.0-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.aarch64"
},
"product_reference": "docker-buildx-0.23.0-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.23.0-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.ppc64le"
},
"product_reference": "docker-buildx-0.23.0-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.23.0-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.s390x"
},
"product_reference": "docker-buildx-0.23.0-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.23.0-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.x86_64"
},
"product_reference": "docker-buildx-0.23.0-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.1.1_ce-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.aarch64"
},
"product_reference": "docker-fish-completion-28.1.1_ce-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.1.1_ce-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.ppc64le"
},
"product_reference": "docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.1.1_ce-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.s390x"
},
"product_reference": "docker-fish-completion-28.1.1_ce-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.1.1_ce-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.x86_64"
},
"product_reference": "docker-fish-completion-28.1.1_ce-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.aarch64"
},
"product_reference": "docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.ppc64le"
},
"product_reference": "docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.s390x"
},
"product_reference": "docker-rootless-extras-28.1.1_ce-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.1.1_ce-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.x86_64"
},
"product_reference": "docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.aarch64"
},
"product_reference": "docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.ppc64le"
},
"product_reference": "docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.s390x"
},
"product_reference": "docker-zsh-completion-28.1.1_ce-16.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.1.1_ce-16.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.x86_64"
},
"product_reference": "docker-zsh-completion-28.1.1_ce-16.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.aarch64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.ppc64le",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.s390x",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.aarch64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.ppc64le",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.s390x",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.aarch64",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.ppc64le",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.s390x",
"openSUSE Tumbleweed:docker-buildx-0.23.0-16.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-rootless-extras-28.1.1_ce-16.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-28.1.1_ce-16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15047-1
Vulnerability from csaf_opensuse - Published: 2025-05-02 00:00 - Updated: 2025-05-02 00:00
Summary
hauler-1.2.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: hauler-1.2.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the hauler-1.2.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15047
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:hauler-1.2.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:hauler-1.2.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:hauler-1.2.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:hauler-1.2.4-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "hauler-1.2.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the hauler-1.2.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15047",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15047-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "hauler-1.2.4-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-02T00:00:00Z",
"generator": {
"date": "2025-05-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15047-1",
"initial_release_date": "2025-05-02T00:00:00Z",
"revision_history": [
{
"date": "2025-05-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.2.4-1.1.aarch64",
"product": {
"name": "hauler-1.2.4-1.1.aarch64",
"product_id": "hauler-1.2.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.2.4-1.1.ppc64le",
"product": {
"name": "hauler-1.2.4-1.1.ppc64le",
"product_id": "hauler-1.2.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.2.4-1.1.s390x",
"product": {
"name": "hauler-1.2.4-1.1.s390x",
"product_id": "hauler-1.2.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.2.4-1.1.x86_64",
"product": {
"name": "hauler-1.2.4-1.1.x86_64",
"product_id": "hauler-1.2.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:hauler-1.2.4-1.1.aarch64"
},
"product_reference": "hauler-1.2.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:hauler-1.2.4-1.1.ppc64le"
},
"product_reference": "hauler-1.2.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.2.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:hauler-1.2.4-1.1.s390x"
},
"product_reference": "hauler-1.2.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:hauler-1.2.4-1.1.x86_64"
},
"product_reference": "hauler-1.2.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:hauler-1.2.4-1.1.aarch64",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.s390x",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:hauler-1.2.4-1.1.aarch64",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.s390x",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:hauler-1.2.4-1.1.aarch64",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.s390x",
"openSUSE Tumbleweed:hauler-1.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15147-1
Vulnerability from csaf_opensuse - Published: 2025-05-22 00:00 - Updated: 2025-05-22 00:00
Summary
kubo-0.35.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kubo-0.35.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the kubo-0.35.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15147
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubo-0.35.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:kubo-0.35.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:kubo-0.35.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:kubo-0.35.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kubo-0.35.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kubo-0.35.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15147",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15147-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15147-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QA73DOMVV4XIT7C22BBHOSQN2YR3QNWF/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15147-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QA73DOMVV4XIT7C22BBHOSQN2YR3QNWF/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "kubo-0.35.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-22T00:00:00Z",
"generator": {
"date": "2025-05-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15147-1",
"initial_release_date": "2025-05-22T00:00:00Z",
"revision_history": [
{
"date": "2025-05-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubo-0.35.0-1.1.aarch64",
"product": {
"name": "kubo-0.35.0-1.1.aarch64",
"product_id": "kubo-0.35.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubo-0.35.0-1.1.ppc64le",
"product": {
"name": "kubo-0.35.0-1.1.ppc64le",
"product_id": "kubo-0.35.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubo-0.35.0-1.1.s390x",
"product": {
"name": "kubo-0.35.0-1.1.s390x",
"product_id": "kubo-0.35.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubo-0.35.0-1.1.x86_64",
"product": {
"name": "kubo-0.35.0-1.1.x86_64",
"product_id": "kubo-0.35.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubo-0.35.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubo-0.35.0-1.1.aarch64"
},
"product_reference": "kubo-0.35.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubo-0.35.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubo-0.35.0-1.1.ppc64le"
},
"product_reference": "kubo-0.35.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubo-0.35.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubo-0.35.0-1.1.s390x"
},
"product_reference": "kubo-0.35.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubo-0.35.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubo-0.35.0-1.1.x86_64"
},
"product_reference": "kubo-0.35.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubo-0.35.0-1.1.aarch64",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.s390x",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubo-0.35.0-1.1.aarch64",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.s390x",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubo-0.35.0-1.1.aarch64",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.s390x",
"openSUSE Tumbleweed:kubo-0.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-22T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
OPENSUSE-SU-2025:15171-1
Vulnerability from csaf_opensuse - Published: 2025-05-27 00:00 - Updated: 2025-05-27 00:00
Summary
grafana-11.6.1+security01-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: grafana-11.6.1+security01-1.1 on GA media
Description of the patch: These are all security issues fixed in the grafana-11.6.1+security01-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15171
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grafana-11.6.1+security01-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grafana-11.6.1+security01-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15171",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15171-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3580 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4123/"
}
],
"title": "grafana-11.6.1+security01-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-27T00:00:00Z",
"generator": {
"date": "2025-05-27T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15171-1",
"initial_release_date": "2025-05-27T00:00:00Z",
"revision_history": [
{
"date": "2025-05-27T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1+security01-1.1.aarch64",
"product": {
"name": "grafana-11.6.1+security01-1.1.aarch64",
"product_id": "grafana-11.6.1+security01-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1+security01-1.1.ppc64le",
"product": {
"name": "grafana-11.6.1+security01-1.1.ppc64le",
"product_id": "grafana-11.6.1+security01-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1+security01-1.1.s390x",
"product": {
"name": "grafana-11.6.1+security01-1.1.s390x",
"product_id": "grafana-11.6.1+security01-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1+security01-1.1.x86_64",
"product": {
"name": "grafana-11.6.1+security01-1.1.x86_64",
"product_id": "grafana-11.6.1+security01-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1+security01-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64"
},
"product_reference": "grafana-11.6.1+security01-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1+security01-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le"
},
"product_reference": "grafana-11.6.1+security01-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1+security01-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x"
},
"product_reference": "grafana-11.6.1+security01-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1+security01-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
},
"product_reference": "grafana-11.6.1+security01-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-3580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3580"
}
],
"notes": [
{
"category": "general",
"text": "An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint.\n\nThe vulnerability can be exploited when:\n\n1. An Organization administrator exists\n\n2. The Server administrator is either:\n\n - Not part of any organization, or\n - Part of the same organization as the Organization administrator\nImpact:\n\n- Organization administrators can permanently delete Server administrator accounts\n\n- If the only Server administrator is deleted, the Grafana instance becomes unmanageable\n\n- No super-user permissions remain in the system\n\n- Affects all users, organizations, and teams managed in the instance\n\nThe vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3580",
"url": "https://www.suse.com/security/cve/CVE-2025-3580"
},
{
"category": "external",
"summary": "SUSE Bug 1243672 for CVE-2025-3580",
"url": "https://bugzilla.suse.com/1243672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-27T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3580"
},
{
"cve": "CVE-2025-4123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4123"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4123",
"url": "https://www.suse.com/security/cve/CVE-2025-4123"
},
{
"category": "external",
"summary": "SUSE Bug 1243714 for CVE-2025-4123",
"url": "https://bugzilla.suse.com/1243714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1+security01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-27T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-4123"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.