Vulnerability-Lookup

RHSA-2025:22620

Vulnerability from csaf_redhat - Published: 2025-12-02 15:22 - Updated: 2026-01-21 23:29

Summary

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.22.1 Release.

Severity

Important

Notes

Topic: Red Hat OpenShift Dev Spaces 3.22.1 has been released.

Details: This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:22620

Workaround Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide: https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices

References

URL

Category

	https://access.redhat.com/errata/RHSA-2025:22620	self
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/security/cve/CVE-2025-12548	external
	https://access.redhat.com/security/updates/classi…	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-12548	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	external
	https://www.cve.org/CVERecord?id=CVE-2025-12548	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-12548	external

Acknowledgments

LME Richard Leach

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Dev Spaces 3.22.1 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release addresses CVE-2025-12548 \u0027Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333\u0027.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22620",
        "url": "https://access.redhat.com/errata/RHSA-2025:22620"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.22/html/administration_guide/installing-devspaces",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.22/html/administration_guide/installing-devspaces"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12548",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22620.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.22.1 Release.",
    "tracking": {
      "current_release_date": "2026-01-21T23:29:03+00:00",
      "generator": {
        "date": "2026-01-21T23:29:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2025:22620",
      "initial_release_date": "2025-12-02T15:22:33+00:00",
      "revision_history": [
        {
          "date": "2025-12-02T15:22:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-02T15:22:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-21T23:29:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
                  "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3.22::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3Ae3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.22.1-1763525702"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64",
                  "product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256%3A5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.22.1-1763584491"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3Ae617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.22.1-1763525702"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.22.1-1763525702"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.22.1-1763525702"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Richard Leach"
          ],
          "organization": "LME"
        }
      ],
      "cve": "CVE-2025-12548",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2025-10-31T13:31:49.219000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408850"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408850",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548"
        }
      ],
      "release_date": "2025-12-02T07:07:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-02T15:22:33+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22620"
        },
        {
          "category": "workaround",
          "details": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:440ace081a499e93a4966ebfcf1e38302a66e32bea74876db994d71cd3c29572_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e3945f59779f919af98216d0e8424a96a2c8b89bcce06c306adf2b491c061b15_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/code-rhel9@sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:5c9b486f75808ed8d4c75062d11eb3692a6e6c7b476ee47ab7c6cba943cd2596_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333"
    }
  ]
}

CVE-2025-12548 (GCVE-0-2025-12548)

Vulnerability from cvelistv5 – Published: 2026-01-13 15:35 – Updated: 2026-01-21 22:19

Title

Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

Summary

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:22620	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22623	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22652	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-12548	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat OpenShift Dev Spaces (RHOSDS) 3.22

Unaffected: sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c , < * (rpm)
cpe:/a:redhat:openshift_devspaces:3.22::el9

	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.23	Unaffected: sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.23::el9
	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.24	Unaffected: sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.24::el9

Date Public ?

2025-12-02 07:07

Credits

Red Hat would like to thank Richard Leach (LME) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:51:02.077067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:51:21.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.23::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Richard Leach (LME) for reporting this issue."
        }
      ],
      "datePublic": "2025-12-02T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T22:19:04.636Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:22620",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22620"
        },
        {
          "name": "RHSA-2025:22623",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22623"
        },
        {
          "name": "RHSA-2025:22652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22652"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "name": "RHBZ#2408850",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-31T13:31:49.219Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-02T07:07:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Github.com/che-incubator/che-code: eclipse che \u2014 unauthenticated rce and secret exfiltration via tcp/3333",
      "workarounds": [
        {
          "lang": "en",
          "value": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12548",
    "datePublished": "2026-01-13T15:35:01.329Z",
    "dateReserved": "2025-10-31T14:14:59.157Z",
    "dateUpdated": "2026-01-21T22:19:04.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:22620

CVE-2025-12548 (GCVE-0-2025-12548)

Tags

Sightings

Nomenclature