Red Hat OpenShift Logging 5.9.12 contains a moderate severity vulnerability related to possible log injection in the logging-fluentd-container component, specifically in Rack::CommonLogger (CVE-2025-25184, also referenced as CVE-2024-12797). This vulnerability is categorized under CWE-295 and CWE-117, indicating issues with improper certificate validation and improper output neutralization for logs, respectively. The vulnerability affects multiple architectures of the logging subsystem for Red Hat OpenShift on RHEL 9. Red Hat has issued a security advisory (RHSA-2025:1985) detailing the issue and providing upgrade instructions to mitigate the vulnerability. The advisory references updated container images and documentation for applying the update. No direct patch files are linked, but the vendor guidance directs users to upgrade their clusters using official OpenShift documentation.

The vulnerability could allow an attacker to inject malicious content into logs, potentially compromising the integrity and reliability of log data. This may affect monitoring, auditing, and forensic analysis processes that rely on accurate logging. However, there are no known exploits in the wild, and the severity is rated as moderate by Red Hat.

Red Hat has provided official upgrade instructions to address this vulnerability. Users of Red Hat OpenShift Logging 5.9 should follow the guidance in the Red Hat advisory RHSA-2025:1985 and the linked OpenShift documentation to upgrade their clusters and apply the errata update. Since this is not a cloud service, remediation requires user action to upgrade the affected components. There are no indications that no action is required or that the issue is already mitigated without upgrade. Patch status is confirmed by the vendor advisory directing to upgrade procedures.