Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9714 (GCVE-0-2025-9714)
Vulnerability from cvelistv5 – Published: 2025-09-10 18:43 – Updated: 2026-05-12 12:02
VLAI
EPSS
Title
Stack overflow in libxml2
Summary
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| libxml2 | libxml2 |
Affected:
0 , < 2.10.0
(semver)
Affected: 0 , < 2.12.7+dfsg+really2.9.14-0.4ubuntu0.3 (dpkg) Affected: 0 , < 2.9.14+dfsg-1.3ubuntu3.5 (dpkg) Affected: 0 , < 2.9.13+dfsg-1ubuntu0.9 (dpkg) Affected: 0 , < 2.9.10+dfsg-5ubuntu0.20.04.10+esm2 (dpkg) Affected: 0 , < 2.9.4+dfsg1-6.1ubuntu1.9+esm5 (dpkg) Affected: 0 , < 2.9.3+dfsg1-1ubuntu0.7+esm10 (dpkg) Affected: 0 , < 2.9.1+dfsg1-3ubuntu4.13+esm9 (dpkg) |
|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.1
(custom)
|
Credits
Nikita Sveshnikov (Positive Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T18:46:42.383800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T18:46:46.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:14:19.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:02:43.668Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.gnome.org/GNOME/libxml2",
"defaultStatus": "unaffected",
"modules": [
"xpath"
],
"packageName": "libxml2",
"platforms": [
"Linux"
],
"product": "libxml2",
"programFiles": [
"xpath.c"
],
"repo": "https://gitlab.gnome.org/GNOME/libxml2",
"vendor": "libxml2",
"versions": [
{
"lessThan": "2.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.3",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.14+dfsg-1.3ubuntu3.5",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.13+dfsg-1ubuntu0.9",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.10+dfsg-5ubuntu0.20.04.10+esm2",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.4+dfsg1-6.1ubuntu1.9+esm5",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.3+dfsg1-1ubuntu0.7+esm10",
"status": "affected",
"version": "0",
"versionType": "dpkg"
},
{
"lessThan": "2.9.1+dfsg1-3ubuntu4.13+esm9",
"status": "affected",
"version": "0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nikita Sveshnikov (Positive Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUncontrolled recursion in\u0026nbsp;XPath evaluation\u0026nbsp;in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `\u003ccode\u003exmlXPathCtxtCompile\u003c/code\u003e`, and `\u003ccode\u003exmlXPathEvalExpr\u003c/code\u003e` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\u003c/div\u003e"
}
],
"value": "Uncontrolled recursion in\u00a0XPath evaluation\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T18:43:12.204Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack overflow in libxml2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2025-9714",
"datePublished": "2025-09-10T18:43:12.204Z",
"dateReserved": "2025-08-29T23:28:33.339Z",
"dateUpdated": "2026-05-12T12:02:43.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9714",
"date": "2026-06-05",
"epss": "0.00011",
"percentile": "0.01354"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9714\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2025-09-10T19:15:42.707\",\"lastModified\":\"2026-05-12T13:17:30.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled recursion in\u00a0XPath evaluation\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.0\",\"matchCriteriaId\":\"6A6A3E8A-FBA5-4AA0-B9D8-F2536DB076F0\"}]}]}],\"references\":[{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-577017.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9714\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-10T18:46:42.383800Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-10T18:46:43.927Z\"}}], \"cna\": {\"title\": \"Stack overflow in libxml2\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Nikita Sveshnikov (Positive Technologies)\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://gitlab.gnome.org/GNOME/libxml2\", \"vendor\": \"libxml2\", \"modules\": [\"xpath\"], \"product\": \"libxml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.10.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.12.7+dfsg+really2.9.14-0.4ubuntu0.3\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.14+dfsg-1.3ubuntu3.5\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.13+dfsg-1ubuntu0.9\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.10+dfsg-5ubuntu0.20.04.10+esm2\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.4+dfsg1-6.1ubuntu1.9+esm5\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.3+dfsg1-1ubuntu0.7+esm10\", \"versionType\": \"dpkg\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.1+dfsg1-3ubuntu4.13+esm9\", \"versionType\": \"dpkg\"}], \"platforms\": [\"Linux\"], \"packageName\": \"libxml2\", \"programFiles\": [\"xpath.c\"], \"collectionURL\": \"https://gitlab.gnome.org/GNOME/libxml2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled recursion in\\u00a0XPath evaluation\\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eUncontrolled recursion in\u0026nbsp;XPath evaluation\u0026nbsp;in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `\u003ccode\u003exmlXPathCtxtCompile\u003c/code\u003e`, and `\u003ccode\u003exmlXPathEvalExpr\u003c/code\u003e` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2025-09-10T18:43:12.204Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9714\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-10T18:46:46.622Z\", \"dateReserved\": \"2025-08-29T23:28:33.339Z\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"datePublished\": \"2025-09-10T18:43:12.204Z\", \"assignerShortName\": \"canonical\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:23209
Vulnerability from csaf_redhat - Published: 2025-12-15 15:50 - Updated: 2026-06-05 19:39Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)
Severity
Important
Notes
Topic: Red Hat AI Inference Server 3.2.5 (TPU) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
75 references
Acknowledgments
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (TPU) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23209",
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23209.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)",
"tracking": {
"current_release_date": "2026-06-05T19:39:29+00:00",
"generator": {
"date": "2026-06-05T19:39:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:23209",
"initial_release_date": "2025-12-15T15:50:15+00:00",
"revision_history": [
{
"date": "2025-12-15T15:50:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T15:50:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:39:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-tpu-rhel9@sha256%3A64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552619"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2025:23227
Vulnerability from csaf_redhat - Published: 2025-12-16 00:01 - Updated: 2026-06-04 17:50Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Severity
Important
Notes
Topic: A new version of Red Hat build of Ceph Storage has been released
Details: The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.
This release updates to the latest version.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
4.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64 | — |
Workaround
|
Threats
Impact
Important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23227",
"url": "https://access.redhat.com/errata/RHSA-2025:23227"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23227.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-06-04T17:50:00+00:00",
"generator": {
"date": "2026-06-04T17:50:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:23227",
"initial_release_date": "2025-12-16T00:01:44+00:00",
"revision_history": [
{
"date": "2025-12-16T00:01:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-16T00:01:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:50:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8",
"product": {
"name": "Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3A6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ad0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ac484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ab09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Acec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ae2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ac95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ad69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Aa5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Acbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Aa05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T00:01:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23227"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T00:01:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23227"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T00:01:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23227"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:79e38083033e50288fb6dd6ecca312217f0876b50d8131c7c4c77ecc647bb4af_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:ac21a72147ce641191ac615abc8961e7df3055c99a44fabeb41da2934df19c01_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d0c3f7c75a0ebda0ce2955a0c309e3dd55384008eb0bf4bc003cab0277109116_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:d69c42d3d38233336baff3ba13df429d68ac6a3a17ba1f4a170e2d1188c2e713_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02292547622e11d0c94aca81752cc42129f8083cc2ae6e11ade8d1a5d604f278_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:8745e83f9a273994364c65a2ab6082ab61a80af05c4e1c53d23e8733126ff93b_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:a5d8d89e337645107c9b417ebf2d53424f3c2a0d5815f28ad417c1956e50a4da_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:cec72610bc57414cba82f7089059af4408d7c51022c15bd0214e03a1c313e950_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:6e64e0e65a871117cff35f0eba405b311ac1d6ec3ccc2621d61d3811a873e0b4_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:a05f9ecd070a8a1ac7c8ba56d5551642f81d275f54f0af45e0ecb6e46103d4f8_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c95ae228c11ea94b9c111d80df530af10f4a0d9198ccdf03b3685b9413b96fa8_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3fec552f78ea9f55542c03b2f33c6570fb8c5797c3e451e094a8c738fd36b770_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:406c4983912bdf9bc780d331e769dd8ee0257905ac2fd172483d930852a4a5ae_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7351e8e9218e7b8f6e8d650d2ff67c47973c8ee5f9b517aa8c11b6d0e15fe4b7_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7e430d1c3a06d91113969a5e7bc9c0fd1f988a7cd5e1c3c1e71914487ecb3843_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6d85a2952b9cb9f7ff6da582e52fd04956be649e635f5ebd3d4237ce113693e5_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c484d4cbc9e5f07741a8db0f99c339e9179bf2e9a0bb9c923c91dcad39fc45d7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbe4b44f0d233c50d0ce1521930904da6a69544515892fd127bec07fc880d0d3_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e2c2f26eac8dcfe65708cdef57188787a068ca5d40941ed1a3efef2ccd0ca8be_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:0ec530e79c8620d187afcbeac1ecf3780f3322c9b7500d0ab4d27f1df6b9ed18_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1355bc1d05962b49c060ab216ef71e8576a85748aa0847980a9e22d3a8124dea_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:32c461ce7fc4516c540a53a2f551ae6fa2eccfebac5ce24f478dba6777fb913d_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:9ff3fcb6301eee1f3d21573d10521983f90e83535f46e217fce43c937fa8bf1d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2025:23234
Vulnerability from csaf_redhat - Published: 2025-12-16 00:56 - Updated: 2026-06-04 17:50Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Severity
Moderate
Notes
Topic: A new version of Red Hat build of Ceph Storage has been released
Details: The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.
This release updates to the latest version.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
4.7 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23234",
"url": "https://access.redhat.com/errata/RHSA-2025:23234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23234.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-06-04T17:50:00+00:00",
"generator": {
"date": "2026-06-04T17:50:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:23234",
"initial_release_date": "2025-12-16T00:56:50+00:00",
"revision_history": [
{
"date": "2025-12-16T00:56:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-16T12:30:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:50:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7",
"product": {
"name": "Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Ad9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ac746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Accaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ae468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3A7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Acfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Af4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T00:56:50+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23234"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T00:56:50+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23234"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:2948da59e125936f88275352373396b5e8fe8552c2fccb4eef0122b329e8fd86_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:3248d1c8a0e5944e571be24d3aa0c188478fa7c8ce1049247e047c2bfbd0ce4a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:422ff213185d6d7828217266262f78f32d7d4910783916e8ed1a203062cbcaeb_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:e468d68b98ee628b68580ab65223a7b09c54e463cc07f030b087af64aa430f2e_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:06442a924c3efff1c077ff316661ef4133f351f72ca60ccf1eeec45deacebede_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:10bb1bf6e58604488998652bf8a9ab81ed9373030bed5e95572145716e71e4a3_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9ba6f61f42066f946b761360d08b8f8114d8bed87364c206f5ce4df63a03f592_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:7ba9953f452becf20f89c2782fb5bf408bc96219ace5764943b78e07963cabf0_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ccaca0c393ff2ec3f4177fd5627fc55fbe1cb8706fbfc96b7bddb02de80a1ade_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:1fda63e06ffffe25eae770f98f9db3a628627a81c7a830064ac8ac0256fe4d97_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2aaf7260c5a04318f176fd0bbfb278f11ea0dae523a775ba596ca87096169771_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:d9d045f74a6602f6536642511880eb3819056412c9ec7195537d04ff2192ac99_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:36cc9fde56dd1fd380b5c9f5bdd4e837980eeeb26bbcc776b05be748e23bd2bf_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:59232f6b74da7b47602f8d800bdaff4019431e0672b848f382bf0b07c639dc0c_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:c746dede748b7fed2dc144b481a2338448fed9a885d2add3dd8c56bd81dc4930_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:1e41b14d3d94ba1f2a7b2350d31ce55fad9cba15fbc4addb2249029e5d05ad2d_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:22549436a7705ad158bad40441d6d8fb29466fffd9efb2832febdeb4e5c21412_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f4efe2a624caaf3f01c5c1638158ade6dfc3bff384796a7b73a41fa6ce9e8976_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
}
]
}
RHSA-2025:23449
Vulnerability from csaf_redhat - Published: 2025-12-17 08:22 - Updated: 2026-06-05 19:39Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)
Severity
Important
Notes
Topic: Red Hat AI Inference Server 3.2.5 (ROCm) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
84 references
Acknowledgments
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23449",
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23449.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
"tracking": {
"current_release_date": "2026-06-05T19:39:37+00:00",
"generator": {
"date": "2026-06-05T19:39:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:23449",
"initial_release_date": "2025-12-17T08:22:31+00:00",
"revision_history": [
{
"date": "2025-12-17T08:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T08:22:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:39:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ac5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552603"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2026:0414
Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-06-05 19:42Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.
CWE-20 - Improper Input ValidationAffected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
4.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
4.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
8.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.
8.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Threats
Impact
Moderate
A flaw was found in OpenSSH where the SSH client accepted \0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Workaround
|
Threats
Impact
Important
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
157 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0414",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-06-05T19:42:51+00:00",
"generator": {
"date": "2026-06-05T19:42:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:0414",
"initial_release_date": "2026-01-08T22:34:17+00:00",
"revision_history": [
{
"date": "2026-01-08T22:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:42:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "RHBZ#2294682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-6069",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-17T14:00:45.339399+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373234"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Python HTMLParser quadratic complexity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "RHBZ#2373234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135462",
"url": "https://github.com/python/cpython/issues/135462"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135464",
"url": "https://github.com/python/cpython/pull/135464"
}
],
"release_date": "2025-06-17T13:39:46.058000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Python HTMLParser quadratic complexity"
},
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45582",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2025-07-11T17:00:47.340822+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379592"
}
],
"notes": [
{
"category": "description",
"text": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: Tar path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "RHBZ#2379592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/",
"url": "https://www.gnu.org/software/tar/"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: Tar path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59682",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-30T13:18:31.746000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Potential partial directory-traversal via archive.extract()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "RHBZ#2400450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
}
],
"release_date": "2025-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Potential partial directory-traversal via archive.extract()"
},
{
"cve": "CVE-2025-61984",
"cwe": {
"id": "CWE-159",
"name": "Improper Handling of Invalid Use of Special Elements"
},
"discovery_date": "2025-10-06T19:01:13.449665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "RHBZ#2401960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-61985",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"discovery_date": "2025-10-06T19:01:16.841946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "RHBZ#2401962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-64460",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-02T16:01:05.300335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "RHBZ#2418366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
}
],
"release_date": "2025-12-02T15:15:34.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
}
]
}
RHSA-2026:0677
Vulnerability from csaf_redhat - Published: 2026-01-22 20:18 - Updated: 2026-06-05 00:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.63 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.13.63 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.63. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2026:0676
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
Security Fix(es):
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
* sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561)
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
40 references
Acknowledgments
Zavier Lee
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.13.63 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.13.63. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:0676\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n* sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561)\n* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0677",
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2402727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402727"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0677.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.63 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:23:48+00:00",
"generator": {
"date": "2026-06-05T00:23:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0677",
"initial_release_date": "2026-01-22T20:18:18+00:00",
"revision_history": [
{
"date": "2026-01-22T20:18:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T20:18:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:23:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-413.92.202601130113-0",
"product": {
"name": "rhcos-x86_64-413.92.202601130113-0",
"product_id": "rhcos-x86_64-413.92.202601130113-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@413.92.202601130113?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-413.92.202601130113-0 as a component of Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
},
"product_reference": "rhcos-x86_64-413.92.202601130113-0",
"relates_to_product_reference": "9Base-RHOSE-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"Zavier Lee"
]
}
],
"cve": "CVE-2025-11561",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2025-10-09T12:57:29.851000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402727"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as High severity for domain-joined Linux systems using default SSSD configurations. While the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled by default, fallback to the an2ln plugin can occur, allowing a domain user who can modify certain Active Directory attributes (such as userPrincipalName or samAccountName) to map to privileged local accounts. This could lead to unauthorized access or elevated privileges on affected Linux hosts. Administrators are advised to review and apply recommended hardening configurations to mitigate this behavior.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11561"
},
{
"category": "external",
"summary": "RHBZ#2402727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561"
},
{
"category": "external",
"summary": "https://blog.async.sg/kerberos-ldr",
"url": "https://blog.async.sg/kerberos-ldr"
},
{
"category": "external",
"summary": "https://github.com/SSSD/sssd/issues/8021",
"url": "https://github.com/SSSD/sssd/issues/8021"
}
],
"release_date": "2025-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure the SSSD Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is configured and the an2ln plugin is disabled by adding \"disable = an2ln\" in a krb5 include file, for example /var/lib/sss/pubconf/krb5.include.d/localauth_plugin and make sure it is included in the Kerberos configuration. Apply vendor updates and follow Red Hat guidance for SSSD hardening.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T20:18:18+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b373f9055bf22079e7baf0c7b3ea21067248932bb0ec57fa0af30c51810bbe91\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0677"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202601130113-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0702
Vulnerability from csaf_redhat - Published: 2026-01-22 19:09 - Updated: 2026-06-05 00:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.17.47 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.17.47 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.17.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.17.47. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2026:0701
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/
Security Fix(es):
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory
allocations via a small document that is submitted for parsing
(CVE-2025-59375)
* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
(CVE-2025-5987)
* openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
(CVE-2025-9230)
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in
libexslt/dynamic.c (CVE-2025-9714)
* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
48 references
Acknowledgments
Cylo
Grant Millar
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.17.47 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.17.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.17.47. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2026:0701\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nSecurity Fix(es):\n\n* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory\nallocations via a small document that is submitted for parsing\n(CVE-2025-59375)\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend\n(CVE-2025-5987)\n* openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap\n(CVE-2025-9230)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in\nlibexslt/dynamic.c (CVE-2025-9714)\n* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0702",
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0702.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.17.47 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:24:00+00:00",
"generator": {
"date": "2026-06-05T00:24:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0702",
"initial_release_date": "2026-01-22T19:09:07+00:00",
"revision_history": [
{
"date": "2026-01-22T19:09:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T19:09:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:24:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-417.94.202601120213-0",
"product": {
"name": "rhcos-aarch64-417.94.202601120213-0",
"product_id": "rhcos-aarch64-417.94.202601120213-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202601120213?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-417.94.202601120213-0",
"product": {
"name": "rhcos-ppc64le-417.94.202601120213-0",
"product_id": "rhcos-ppc64le-417.94.202601120213-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202601120213?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-417.94.202601120213-0",
"product": {
"name": "rhcos-s390x-417.94.202601120213-0",
"product_id": "rhcos-s390x-417.94.202601120213-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202601120213?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-417.94.202601120213-0",
"product": {
"name": "rhcos-x86_64-417.94.202601120213-0",
"product_id": "rhcos-x86_64-417.94.202601120213-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202601120213?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-417.94.202601120213-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0"
},
"product_reference": "rhcos-aarch64-417.94.202601120213-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-417.94.202601120213-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0"
},
"product_reference": "rhcos-ppc64le-417.94.202601120213-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-417.94.202601120213-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0"
},
"product_reference": "rhcos-s390x-417.94.202601120213-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-417.94.202601120213-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
},
"product_reference": "rhcos-x86_64-417.94.202601120213-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-07-03T21:55:26.394000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "RHBZ#2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt"
}
],
"release_date": "2025-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
},
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"Grant Millar"
],
"organization": "Cylo"
}
],
"cve": "CVE-2025-11234",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qemu-kvm: VNC WebSocket handshake use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as Moderate because it only affects the WebSocket protocol for communication (the VNC raw TCP socket is not affected) and the use of QEMU\u0027s in-process WebSocket feature is fairly niche.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11234"
},
{
"category": "external",
"summary": "RHBZ#2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234"
}
],
"release_date": "2025-09-30T12:18:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "qemu-kvm: VNC WebSocket handshake use-after-free"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T19:09:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d49a4f1a4532e3822e8769a97d87f538f9101701d3997e6e883c8abff7b58a43\n\n (For s390x architecture)\n The image digest is sha256:baded7c05358eda3d7bc20efdc3d2b963ba80f1639c2c80b2c58bc216a1375d1\n\n (For ppc64le architecture)\n The image digest is sha256:4714f7f59793e8f77cc5a95eb918bd43f9a6ff31de1b35fb59b45a07f7a3f118\n\n (For aarch64 architecture)\n The image digest is sha256:73e2429c13a91ea4e5031c61f94c57884a7251ece3e1bbb338523e7bf8246903\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0702"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202601120213-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202601120213-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0978
Vulnerability from csaf_redhat - Published: 2026-01-27 17:40 - Updated: 2026-06-05 00:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.20.12 bug fix and security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.20.12 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.20.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.20.12. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2026:0977
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/
Security Fix(es):
* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
(CVE-2025-5987)
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in
libexslt/dynamic.c (CVE-2025-9714)
* binutils: GNU Binutils Linker heap-based overflow (CVE-2025-11083)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.20 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.20.12 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.20.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.20.12. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2026:0977\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend\n(CVE-2025-5987)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in\nlibexslt/dynamic.c (CVE-2025-9714)\n* binutils: GNU Binutils Linker heap-based overflow (CVE-2025-11083)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0978",
"url": "https://access.redhat.com/errata/RHSA-2026:0978"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "2399948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399948"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0978.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.20.12 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:24:13+00:00",
"generator": {
"date": "2026-06-05T00:24:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0978",
"initial_release_date": "2026-01-27T17:40:19+00:00",
"revision_history": [
{
"date": "2026-01-27T17:40:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-27T17:40:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:24:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.20",
"product": {
"name": "Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.20.9.6.202601211057-0",
"product": {
"name": "rhcos-aarch64-4.20.9.6.202601211057-0",
"product_id": "rhcos-aarch64-4.20.9.6.202601211057-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202601211057?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.20.9.6.202601211057-0",
"product": {
"name": "rhcos-ppc64le-4.20.9.6.202601211057-0",
"product_id": "rhcos-ppc64le-4.20.9.6.202601211057-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202601211057?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.20.9.6.202601211057-0",
"product": {
"name": "rhcos-s390x-4.20.9.6.202601211057-0",
"product_id": "rhcos-s390x-4.20.9.6.202601211057-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202601211057?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.20.9.6.202601211057-0",
"product": {
"name": "rhcos-x86_64-4.20.9.6.202601211057-0",
"product_id": "rhcos-x86_64-4.20.9.6.202601211057-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202601211057?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.20.9.6.202601211057-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0"
},
"product_reference": "rhcos-aarch64-4.20.9.6.202601211057-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.20.9.6.202601211057-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0"
},
"product_reference": "rhcos-ppc64le-4.20.9.6.202601211057-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.20.9.6.202601211057-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0"
},
"product_reference": "rhcos-s390x-4.20.9.6.202601211057-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.20.9.6.202601211057-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
},
"product_reference": "rhcos-x86_64-4.20.9.6.202601211057-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-07-03T21:55:26.394000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "RHBZ#2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt"
}
],
"release_date": "2025-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-27T17:40:19+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:c9bae4933c711d664e15da5b98e6e057fda51697aef4f3ec8e932922aa969373\n\n (For s390x architecture)\n The image digest is sha256:24efd2a05ad0aaff7f303ec7aceef23fbf2495c5bb122a2a177d69d51a18376a\n\n (For ppc64le architecture)\n The image digest is sha256:aa79662c0220879c8cde3314199265de32d0b6c420377f7ba9ed322f4657ce1c\n\n (For aarch64 architecture)\n The image digest is sha256:be52c63b0a81cb4a29f40f1a4554e6f11874d929d5c1a5f6f5fbcb3869525bf2\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0978"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-27T17:40:19+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:c9bae4933c711d664e15da5b98e6e057fda51697aef4f3ec8e932922aa969373\n\n (For s390x architecture)\n The image digest is sha256:24efd2a05ad0aaff7f303ec7aceef23fbf2495c5bb122a2a177d69d51a18376a\n\n (For ppc64le architecture)\n The image digest is sha256:aa79662c0220879c8cde3314199265de32d0b6c420377f7ba9ed322f4657ce1c\n\n (For aarch64 architecture)\n The image digest is sha256:be52c63b0a81cb4a29f40f1a4554e6f11874d929d5c1a5f6f5fbcb3869525bf2\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0978"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-11083",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-28T00:01:07.638629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2399948"
}
],
"notes": [
{
"category": "description",
"text": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: GNU Binutils Linker heap-based overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as Moderate as a result of how the GNU Binutils are configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11083"
},
{
"category": "external",
"summary": "RHBZ#2399948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16353",
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16353"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
},
{
"category": "external",
"summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.326124",
"url": "https://vuldb.com/?ctiid.326124"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.326124",
"url": "https://vuldb.com/?id.326124"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.661277",
"url": "https://vuldb.com/?submit.661277"
},
{
"category": "external",
"summary": "https://www.gnu.org/",
"url": "https://www.gnu.org/"
}
],
"release_date": "2025-09-27T23:02:08.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-27T17:40:19+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:c9bae4933c711d664e15da5b98e6e057fda51697aef4f3ec8e932922aa969373\n\n (For s390x architecture)\n The image digest is sha256:24efd2a05ad0aaff7f303ec7aceef23fbf2495c5bb122a2a177d69d51a18376a\n\n (For ppc64le architecture)\n The image digest is sha256:aa79662c0220879c8cde3314199265de32d0b6c420377f7ba9ed322f4657ce1c\n\n (For aarch64 architecture)\n The image digest is sha256:be52c63b0a81cb4a29f40f1a4554e6f11874d929d5c1a5f6f5fbcb3869525bf2\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0978"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202601211057-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202601211057-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "binutils: GNU Binutils Linker heap-based overflow"
}
]
}
RHSA-2026:0980
Vulnerability from csaf_redhat - Published: 2026-02-03 21:03 - Updated: 2026-06-05 00:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.32 bug fix and security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.18.32 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.18.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.32. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2026:0979
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.32 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.32. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2026:0979\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0980",
"url": "https://access.redhat.com/errata/RHSA-2026:0980"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0980.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.32 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:24:13+00:00",
"generator": {
"date": "2026-06-05T00:24:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0980",
"initial_release_date": "2026-02-03T21:03:49+00:00",
"revision_history": [
{
"date": "2026-02-03T21:03:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-03T21:03:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:24:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-418.94.202601202224-0",
"product": {
"name": "rhcos-aarch64-418.94.202601202224-0",
"product_id": "rhcos-aarch64-418.94.202601202224-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-418.94.202601202224-0",
"product": {
"name": "rhcos-ppc64le-418.94.202601202224-0",
"product_id": "rhcos-ppc64le-418.94.202601202224-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-418.94.202601202224-0",
"product": {
"name": "rhcos-s390x-418.94.202601202224-0",
"product_id": "rhcos-s390x-418.94.202601202224-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-418.94.202601202224-0",
"product": {
"name": "rhcos-x86_64-418.94.202601202224-0",
"product_id": "rhcos-x86_64-418.94.202601202224-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0"
},
"product_reference": "rhcos-aarch64-418.94.202601202224-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0"
},
"product_reference": "rhcos-ppc64le-418.94.202601202224-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0"
},
"product_reference": "rhcos-s390x-418.94.202601202224-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
},
"product_reference": "rhcos-x86_64-418.94.202601202224-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-07-03T21:55:26.394000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "RHBZ#2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt"
}
],
"release_date": "2025-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-03T21:03:49+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc\n\n (For s390x architecture)\n The image digest is sha256:b84aa7396941fa0af870b76d528da30613f54aff04d3c7b4a6a9fa20310aad03\n\n (For ppc64le architecture)\n The image digest is sha256:e5b841ed0aebf1920a2e0993839e46504d9d6ff363da0b5d2d2f1daea77fbfd0\n\n (For aarch64 architecture)\n The image digest is sha256:5a01f33ad1a21ab6bad55d866699be803d36309fe5b099782555169b1ac78be1\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0980"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-03T21:03:49+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc\n\n (For s390x architecture)\n The image digest is sha256:b84aa7396941fa0af870b76d528da30613f54aff04d3c7b4a6a9fa20310aad03\n\n (For ppc64le architecture)\n The image digest is sha256:e5b841ed0aebf1920a2e0993839e46504d9d6ff363da0b5d2d2f1daea77fbfd0\n\n (For aarch64 architecture)\n The image digest is sha256:5a01f33ad1a21ab6bad55d866699be803d36309fe5b099782555169b1ac78be1\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0980"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
}
]
}
RHSA-2026:0985
Vulnerability from csaf_redhat - Published: 2026-01-30 13:58 - Updated: 2026-06-05 00:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.16.56 bug fix and security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.16.56 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.16.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.16.56. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2026:0984
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/
Security Fix(es):
* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
(CVE-2025-5987)
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in
libexslt/dynamic.c (CVE-2025-9714)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.16.56 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.16.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.16.56. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2026:0984\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend\n(CVE-2025-5987)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in\nlibexslt/dynamic.c (CVE-2025-9714)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0985",
"url": "https://access.redhat.com/errata/RHSA-2026:0985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0985.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.16.56 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:24:13+00:00",
"generator": {
"date": "2026-06-05T00:24:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0985",
"initial_release_date": "2026-01-30T13:58:09+00:00",
"revision_history": [
{
"date": "2026-01-30T13:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-30T13:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:24:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.16",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-416.94.202601160124-0",
"product": {
"name": "rhcos-aarch64-416.94.202601160124-0",
"product_id": "rhcos-aarch64-416.94.202601160124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601160124?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-416.94.202601160124-0",
"product": {
"name": "rhcos-ppc64le-416.94.202601160124-0",
"product_id": "rhcos-ppc64le-416.94.202601160124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601160124?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-416.94.202601160124-0",
"product": {
"name": "rhcos-s390x-416.94.202601160124-0",
"product_id": "rhcos-s390x-416.94.202601160124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601160124?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-416.94.202601160124-0",
"product": {
"name": "rhcos-x86_64-416.94.202601160124-0",
"product_id": "rhcos-x86_64-416.94.202601160124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601160124?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-416.94.202601160124-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0"
},
"product_reference": "rhcos-aarch64-416.94.202601160124-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-416.94.202601160124-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0"
},
"product_reference": "rhcos-ppc64le-416.94.202601160124-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-416.94.202601160124-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0"
},
"product_reference": "rhcos-s390x-416.94.202601160124-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-416.94.202601160124-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
},
"product_reference": "rhcos-x86_64-416.94.202601160124-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-07-03T21:55:26.394000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "RHBZ#2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt"
}
],
"release_date": "2025-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-30T13:58:09+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:c2684677867b7aa2270ae03d6b7a0f0a61e5b97d8567a986210f2b2971115d0d\n\n (For s390x architecture)\n The image digest is sha256:ca335903e10d59e71bf4f036702a4ffd93861915d7eb7c4f75973c9a4795cfd5\n\n (For ppc64le architecture)\n The image digest is sha256:adac35f7896b1f1dc9fa32fc080d05462695c7012a82cc2faf89d68dd9de3518\n\n (For aarch64 architecture)\n The image digest is sha256:4986b8a4f29546033253ea396ebcf34207eba4eb4225558accbf304945168434\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0985"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-30T13:58:09+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:c2684677867b7aa2270ae03d6b7a0f0a61e5b97d8567a986210f2b2971115d0d\n\n (For s390x architecture)\n The image digest is sha256:ca335903e10d59e71bf4f036702a4ffd93861915d7eb7c4f75973c9a4795cfd5\n\n (For ppc64le architecture)\n The image digest is sha256:adac35f7896b1f1dc9fa32fc080d05462695c7012a82cc2faf89d68dd9de3518\n\n (For aarch64 architecture)\n The image digest is sha256:4986b8a4f29546033253ea396ebcf34207eba4eb4225558accbf304945168434\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0985"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601160124-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601160124-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…