Red Hat Security Advisory: buildah security update
A security update for the buildah package in Red Hat Enterprise Linux 10 addresses two vulnerabilities: CVE-2025-52881, a container escape and denial of service issue in runc due to arbitrary write gadgets and procfs write redirects; and CVE-2025-58183, an unbounded allocation vulnerability in golang's archive/tar when parsing GNU sparse maps. These vulnerabilities could allow an attacker to escape container isolation or cause denial of service and memory exhaustion. Red Hat has released updated buildah packages to fix these issues.
AI Analysis
Technical Summary
The buildah package, used for building OCI and Docker container images, was found vulnerable to two security issues. CVE-2025-52881 involves runc, where arbitrary write gadgets and procfs write redirects can lead to container escape and denial of service. CVE-2025-58183 involves golang's archive/tar package, which can perform unbounded memory allocation when parsing GNU sparse maps, potentially causing resource exhaustion. These vulnerabilities affect multiple architectures of Red Hat Enterprise Linux 10. Red Hat has issued an important security advisory (RHSA-2025:22012) with updated buildah packages that address these flaws.
Potential Impact
Successful exploitation of CVE-2025-52881 could allow an attacker to escape container isolation and cause denial of service on the host system. CVE-2025-58183 could lead to unbounded memory allocation, potentially causing denial of service through resource exhaustion. Both vulnerabilities impact container security and system stability on affected Red Hat Enterprise Linux 10 systems using buildah.
Mitigation Recommendations
Red Hat has released updated buildah packages that fix these vulnerabilities. Users of Red Hat Enterprise Linux 10 should apply the security update as described in Red Hat advisory RHSA-2025:22012. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory beyond applying the official patch.
Red Hat Security Advisory: buildah security update
Description
A security update for the buildah package in Red Hat Enterprise Linux 10 addresses two vulnerabilities: CVE-2025-52881, a container escape and denial of service issue in runc due to arbitrary write gadgets and procfs write redirects; and CVE-2025-58183, an unbounded allocation vulnerability in golang's archive/tar when parsing GNU sparse maps. These vulnerabilities could allow an attacker to escape container isolation or cause denial of service and memory exhaustion. Red Hat has released updated buildah packages to fix these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The buildah package, used for building OCI and Docker container images, was found vulnerable to two security issues. CVE-2025-52881 involves runc, where arbitrary write gadgets and procfs write redirects can lead to container escape and denial of service. CVE-2025-58183 involves golang's archive/tar package, which can perform unbounded memory allocation when parsing GNU sparse maps, potentially causing resource exhaustion. These vulnerabilities affect multiple architectures of Red Hat Enterprise Linux 10. Red Hat has issued an important security advisory (RHSA-2025:22012) with updated buildah packages that address these flaws.
Potential Impact
Successful exploitation of CVE-2025-52881 could allow an attacker to escape container isolation and cause denial of service on the host system. CVE-2025-58183 could lead to unbounded memory allocation, potentially causing denial of service through resource exhaustion. Both vulnerabilities impact container security and system stability on affected Red Hat Enterprise Linux 10 systems using buildah.
Mitigation Recommendations
Red Hat has released updated buildah packages that fix these vulnerabilities. Users of Red Hat Enterprise Linux 10 should apply the security update as described in Red Hat advisory RHSA-2025:22012. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory beyond applying the official patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:22012
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58183"]
- Cvss Version
- null
Threat ID: 6a16097ae29bf47b50646d11
Added to database: 5/26/2026, 8:58:34 PM
Last enriched: 5/26/2026, 10:20:44 PM
Last updated: 5/27/2026, 4:51:31 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.