Vulnerability-Lookup

RHSA-2025:22652

Vulnerability from csaf_redhat - Published: 2025-12-02 21:45 - Updated: 2026-01-21 23:29

Summary

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.1 Release.

Severity

Important

Notes

Topic: Red Hat OpenShift Dev Spaces 3.23.1 has been released.

Details: This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:22652

Workaround Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide: https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices

References

URL

Category

	https://access.redhat.com/errata/RHSA-2025:22652	self
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/security/cve/CVE-2025-12548	external
	https://access.redhat.com/security/updates/classi…	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-12548	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	external
	https://www.cve.org/CVERecord?id=CVE-2025-12548	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-12548	external

Acknowledgments

LME Richard Leach

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Dev Spaces 3.23.1 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release addresses CVE-2025-12548 \u0027Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333\u0027.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22652",
        "url": "https://access.redhat.com/errata/RHSA-2025:22652"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.23/html/administration_guide/installing-devspaces",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.23/html/administration_guide/installing-devspaces"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12548",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22652.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.1 Release.",
    "tracking": {
      "current_release_date": "2026-01-21T23:29:04+00:00",
      "generator": {
        "date": "2026-01-21T23:29:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2025:22652",
      "initial_release_date": "2025-12-02T21:45:24+00:00",
      "revision_history": [
        {
          "date": "2025-12-02T21:45:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-02T21:45:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-21T23:29:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
                  "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3.23::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23.1-1763508770"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23.1-1763508770"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3A530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23.1-1763508770"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64",
                  "product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256%3A48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23.1-1763584215"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
                "product": {
                  "name": "registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
                  "product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel9@sha256%3Aa6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23.1-1763508770"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64"
        },
        "product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Richard Leach"
          ],
          "organization": "LME"
        }
      ],
      "cve": "CVE-2025-12548",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2025-10-31T13:31:49.219000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408850"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408850",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12548"
        }
      ],
      "release_date": "2025-12-02T07:07:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-02T21:45:24+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22652"
        },
        {
          "category": "workaround",
          "details": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices",
          "product_ids": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3_s390x",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:530cc2d4545285c5049faa1d379d57c1f0b00f34ec962fae78778893a7fdab50_arm64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:83bdc106e7049b40977f8407a1b305be91afdd555a08ab097e448205c9f24eac_ppc64le",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a_amd64",
            "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:48c3048fafcdcf5d50fb5a5760e21b9fe062ec791c6ca9f288a9bcc556677f25_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/che-incubator/che-code: Eclipse Che \u2014 unauthenticated RCE and secret exfiltration via TCP/3333"
    }
  ]
}

CVE-2025-12548 (GCVE-0-2025-12548)

Vulnerability from cvelistv5 – Published: 2026-01-13 15:35 – Updated: 2026-01-21 22:19

Title

Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

Summary

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:22620	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22623	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:22652	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-12548	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2408850	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat OpenShift Dev Spaces (RHOSDS) 3.22

Unaffected: sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c , < * (rpm)
cpe:/a:redhat:openshift_devspaces:3.22::el9

	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.23	Unaffected: sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.23::el9
	Red Hat	Red Hat OpenShift Dev Spaces (RHOSDS) 3.24	Unaffected: sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f , < * (rpm) cpe:/a:redhat:openshift_devspaces:3.24::el9

Date Public ?

2025-12-02 07:07

Credits

Red Hat would like to thank Richard Leach (LME) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:51:02.077067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:51:21.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.23::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/code-rhel9",
          "product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Richard Leach (LME) for reporting this issue."
        }
      ],
      "datePublic": "2025-12-02T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users\u0027 Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T22:19:04.636Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:22620",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22620"
        },
        {
          "name": "RHSA-2025:22623",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22623"
        },
        {
          "name": "RHSA-2025:22652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22652"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12548"
        },
        {
          "name": "RHBZ#2408850",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408850"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-31T13:31:49.219Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-02T07:07:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Github.com/che-incubator/che-code: eclipse che \u2014 unauthenticated rce and secret exfiltration via tcp/3333",
      "workarounds": [
        {
          "lang": "en",
          "value": "Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12548",
    "datePublished": "2026-01-13T15:35:01.329Z",
    "dateReserved": "2025-10-31T14:14:59.157Z",
    "dateUpdated": "2026-01-21T22:19:04.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:22652

CVE-2025-12548 (GCVE-0-2025-12548)

Tags

Sightings

Nomenclature