The buildah package in Red Hat Enterprise Linux 9.2 has been updated to address four security vulnerabilities: CVE-2025-52881 involves container escape and denial of service via arbitrary write gadgets and procfs write redirects in runc; CVE-2025-58183 is an unbounded allocation vulnerability in golang's archive/tar when parsing GNU sparse maps; CVE-2025-47913 causes an SSH client panic due to unexpected SSH_AGENT_SUCCESS messages in golang.org/x/crypto/ssh/agent; and CVE-2025-65637 is a denial-of-service vulnerability in github.com/sirupsen/logrus triggered by large single-line payloads. These vulnerabilities affect container image building and related components. Red Hat has issued an important security advisory (RHSA-2026:4532) with updated packages to remediate these issues across multiple supported architectures and product variants.

Successful exploitation of these vulnerabilities could lead to container escapes, denial of service conditions, and application crashes in environments using buildah and its dependencies. Specifically, CVE-2025-52881 could allow an attacker to escape container isolation or cause denial of service. CVE-2025-58183 may cause excessive memory consumption leading to denial of service. CVE-2025-47913 can cause SSH client panics disrupting operations. CVE-2025-65637 may cause denial of service due to processing large payloads. No known exploits in the wild have been reported so far.

Red Hat has released updated buildah packages addressing these vulnerabilities. Users should apply the security update RHSA-2026:4532 promptly to affected Red Hat Enterprise Linux 9.2 systems. Detailed update instructions are available at https://access.redhat.com/articles/11258. Since this is an on-premises product, remediation requires applying the vendor-provided patches. No additional vendor mitigation guidance indicates that no further action beyond patching is required.