The advisory covers four distinct vulnerabilities in the logging subsystem of Red Hat OpenShift 5.9.13. CVE-2025-25186 involves Net::IMAP being vulnerable to a potential denial of service through memory exhaustion. CVE-2025-27610 is a local file inclusion vulnerability in the Rack::Static component. CVE-2025-27144 and CVE-2025-30204 affect the lokistack-gateway container, where Go JOSE's parsing and jwt-go's header parsing can lead to denial of service conditions due to excessive memory allocation. The issues span multiple architectures and components within the OpenShift logging stack. The vendor advisory (RHSA-2025:3906) includes instructions for upgrading and applying the errata to mitigate these vulnerabilities.

Successful exploitation of these vulnerabilities could result in denial of service conditions through memory exhaustion or excessive memory allocation, potentially disrupting logging services within Red Hat OpenShift environments. The local file inclusion vulnerability could allow unauthorized local file access within the Rack::Static component, which may lead to information disclosure or other impacts depending on the environment. No evidence of active exploitation is reported.

Red Hat has issued an official security advisory (RHSA-2025:3906) with updated images and instructions to upgrade Red Hat OpenShift Logging to version 5.9.13. Users should follow the provided upgrade documentation for OpenShift Container Platform 4.14 and Red Hat OpenShift Logging 5.9 to fully apply this errata update. Applying these updates will remediate the identified vulnerabilities. No additional mitigation steps are indicated beyond applying the official patches and updates.