WID-SEC-W-2025-0460
Vulnerability from csaf_certbund - Published: 2025-02-27 23:00 - Updated: 2025-12-16 23:00Summary
Red Hat Enterprise Linux (Quarkus): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Quarkus auf Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen, oder einen Denial of Service auszulösen.
Betroffene Betriebssysteme: - Linux
- UNIX
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Quarkus auf Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen, oder einen Denial of Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0460 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0460.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0460 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0460"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1884 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1884"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1885 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1885"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2067 vom 2025-03-03",
"url": "https://access.redhat.com/errata/RHSA-2025:2067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2663 vom 2025-03-11",
"url": "https://access.redhat.com/errata/RHSA-2025:2663"
},
{
"category": "external",
"summary": "Bamboo Data Center Advisory",
"url": "https://jira.atlassian.com/browse/BAM-26046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3358 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3358"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3357 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3357"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229750 vom 2025-04-01",
"url": "https://www.ibm.com/support/pages/node/7229750"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3467 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3465 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3540 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3540"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229901 vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229901"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232032 vom 2025-04-29",
"url": "https://www.ibm.com/support/pages/node/7232032"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4550 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4549 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4552 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4548 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4548"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7234827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8258 vom 2025-06-03",
"url": "https://access.redhat.com/errata/RHSA-2025:8258"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235497 vom 2025-06-21",
"url": "https://www.ibm.com/support/pages/node/7235497"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7237155 vom 2025-06-26",
"url": "https://www.ibm.com/support/pages/node/7237155"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12511 vom 2025-08-03",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-127 vom 2025-09-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-127/index.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-126 vom 2025-09-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-126/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23417 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Quarkus): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-16T23:00:00.000+00:00",
"generator": {
"date": "2025-12-17T10:17:10.886+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0460",
"initial_release_date": "2025-02-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-03T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "20"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "Atlassian Bamboo \u003c10.2.2",
"product_id": "T041966"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "Atlassian Bamboo 10.2.2",
"product_id": "T041966-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.11",
"product": {
"name": "Atlassian Bamboo \u003c9.6.11",
"product_id": "T041967"
}
},
{
"category": "product_version",
"name": "9.6.11",
"product": {
"name": "Atlassian Bamboo 9.6.11",
"product_id": "T041967-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.11"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "IBM Maximo Asset Management 7.6.1",
"product_id": "389168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.0.1 Interim fix 042",
"product_id": "T043174"
}
},
{
"category": "product_version",
"name": "V8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager V8.11.0.1 Interim fix 042",
"product_id": "T043174-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.0.1_interim_fix_042"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.1.0: Interim fix 039",
"product_id": "T043175"
}
},
{
"category": "product_version",
"name": "V8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager V8.11.1.0: Interim fix 039",
"product_id": "T043175-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.1.0_interim_fix_039"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.12.0.1: Interim fix 024",
"product_id": "T043176"
}
},
{
"category": "product_version",
"name": "V8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager V8.12.0.1: Interim fix 024",
"product_id": "T043176-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.12.0.1_interim_fix_024"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager \u003cV9.0.0.1: Interim fix 007",
"product_id": "T043177"
}
},
{
"category": "product_version",
"name": "V9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager V9.0.0.1: Interim fix 007",
"product_id": "T043177-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v9.0.0.1_interim_fix_007"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T020642",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Analytic Server",
"product": {
"name": "IBM SPSS Analytic Server",
"product_id": "T011789",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12",
"product_id": "T043916",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:sqlguard_12.0p35_bundle_jan-28-2025"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.8.6.SP3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.8.6.SP3",
"product_id": "T041477"
}
},
{
"category": "product_version",
"name": "Quarkus 3.8.6.SP3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.8.6.SP3",
"product_id": "T041477-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.8.6.sp3"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.15.3.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.15.3.SP1",
"product_id": "T041478"
}
},
{
"category": "product_version",
"name": "Quarkus 3.15.3.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.15.3.SP1",
"product_id": "T041478-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.15.3.sp1"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.20.1",
"product_id": "T044254"
}
},
{
"category": "product_version",
"name": "Quarkus 3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.20.1",
"product_id": "T044254-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.20.1"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"category": "product_name",
"name": "Red Hat Integration",
"product": {
"name": "Red Hat Integration",
"product_id": "T033960",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.3",
"product": {
"name": "Red Hat JBoss Data Grid \u003c8.5.3",
"product_id": "T041746"
}
},
{
"category": "product_version",
"name": "8.5.3",
"product": {
"name": "Red Hat JBoss Data Grid 8.5.3",
"product_id": "T041746-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:8.5.3"
}
}
}
],
"category": "product_name",
"name": "JBoss Data Grid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.21",
"product_id": "T042265"
}
},
{
"category": "product_version",
"name": "7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.21",
"product_id": "T042265-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.21"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1247",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T038840",
"T020642",
"T044468",
"444803",
"T021415",
"T025159",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-1247"
},
{
"cve": "CVE-2025-1634",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T038840",
"T020642",
"T044468",
"444803",
"T021415",
"T025159",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-1634"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T038840",
"T020642",
"T044468",
"444803",
"T021415",
"T025159",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-24970"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…