Vulnerability-Lookup

RHSA-2025:22623

Vulnerability from csaf_redhat - Published: 2025-12-02 15:28 - Updated: 2026-01-21 23:29

Summary

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.1 Release.

Severity

Important

Notes

Topic: Red Hat OpenShift Dev Spaces 3.24.1 has been released.

Details: This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:22623

Workaround Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide: https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices

References

URL

Category

	https://access.redhat.com/errata/RHSA-2025:22623	self
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/security/cve/CVE-2025-12548	external
	https://access.redhat.com/security/updates/classi…	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-12548	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	external
	https://www.cve.org/CVERecord?id=CVE-2025-12548	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-12548	external

Acknowledgments

LME Richard Leach

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Dev Spaces 3.24.1 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release addresses CVE-2025-12548 \u0027Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333\u0027.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22623",
        "url": "https://access.redhat.com/errata/RHSA-2025:22623"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.24/html/administration_guide/installing-devspaces",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.24/html/administration_guide/installing-devspaces"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12548",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22623.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.1 Release.",
    "tracking": {
      "current_release_date": "2026-01-21T23:29:03+00:00",
      "generator": {
        "date": "2026-01-21T23:29:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2025:22623",
      "initial_release_date": "2025-12-02T15:28:44+00:00",
      "revision_history": [
        {
          "date": "2025-12-02T15:28:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-02T15:28:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-21T23:29:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
                  "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3.24::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3Aced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.24.1-1763547630"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64",
                  "product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256%3A69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.24.1-1763584739"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.24.1-1763547630"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.24.1-1763547630"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.24.1-1763547630"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Richard Leach"
          ],
          "organization": "LME"
        }
      ],
      "cve": "CVE-2025-12548",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2025-10-31T13:31:49.219000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408850"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408850",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548"
        }
      ],
      "release_date": "2025-12-02T07:07:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-02T15:28:44+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22623"
        },
        {
          "category": "workaround",
          "details": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:18e08f6cf87349707efe99e95b1029ff084f0824ab16515aac98302dda906eea_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:9135e1c02a4f67bbd80fa6755cab3096aa5ecefabdc9af39c700f52ca24d2c6e_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/code-rhel9@sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:69b9d5c8a2a342b223e21d7d40b179fde917e254193c709c34f9a11c24733391_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333"
    }
  ]
}

CVE-2025-12548 (GCVE-0-2025-12548)

Vulnerability from cvelistv5 – Published: 2026-01-13 15:35 – Updated: 2026-01-21 22:19

Title

Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

Summary

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:22620	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22623	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22652	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-12548	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat OpenShift Dev Spaces (RHOSDS) 3.22

Unaffected: sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c , < * (rpm)
cpe:/a:redhat:openshift_devspaces:3.22::el9

	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.23	Unaffected: sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.23::el9
	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.24	Unaffected: sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.24::el9

Date Public ?

2025-12-02 07:07

Credits

Red Hat would like to thank Richard Leach (LME) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:51:02.077067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:51:21.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.23::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Richard Leach (LME) for reporting this issue."
        }
      ],
      "datePublic": "2025-12-02T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T22:19:04.636Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:22620",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22620"
        },
        {
          "name": "RHSA-2025:22623",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22623"
        },
        {
          "name": "RHSA-2025:22652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22652"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "name": "RHBZ#2408850",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-31T13:31:49.219Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-02T07:07:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Github.com/che-incubator/che-code: eclipse che \u2014 unauthenticated rce and secret exfiltration via tcp/3333",
      "workarounds": [
        {
          "lang": "en",
          "value": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12548",
    "datePublished": "2026-01-13T15:35:01.329Z",
    "dateReserved": "2025-10-31T14:14:59.157Z",
    "dateUpdated": "2026-01-21T22:19:04.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:22623

CVE-2025-12548 (GCVE-0-2025-12548)

Tags

Sightings

Nomenclature