Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.8.19

0
High
Published: 04/02/2025 (04/02/2025, 20:05:39 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

A Local File Inclusion (LFI) vulnerability (CVE-2025-27610) exists in the logging-fluentd-container component of Red Hat OpenShift Logging 5.8.19, specifically in the Rack::Static module. This vulnerability is categorized under CWE-23. Red Hat has issued an important security advisory (RHSA-2025:3448) addressing this issue. Instructions for upgrading OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 are provided to apply the update. No explicit patch details are given in the advisory content, but upgrade guidance is available. The vulnerability is rated as high severity by the source. There are no known exploits in the wild at this time.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/12/2026, 09:22:43 UTC

Technical Analysis

CVE-2025-27610 is a Local File Inclusion vulnerability in the Rack::Static component used by the logging-fluentd-container in Red Hat OpenShift Logging 5.8.19. This flaw could allow an attacker to include local files on the system, potentially leading to information disclosure or other impacts. Red Hat has published an important security advisory (RHSA-2025:3448) with instructions to upgrade affected OpenShift Container Platform and Logging components. The advisory references OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 upgrade documentation for remediation steps. No direct patch files or fixed versions are explicitly stated in the advisory content provided.

Potential Impact

The vulnerability allows local file inclusion via the Rack::Static component in the logging-fluentd-container, which could lead to unauthorized access to local files. This may result in information disclosure or other security impacts depending on the files accessed. The severity is assessed as high. There are no known exploits in the wild currently.

Mitigation Recommendations

Red Hat has issued an important security advisory (RHSA-2025:3448) with upgrade instructions for OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 to address this vulnerability. Users should follow the official Red Hat documentation to upgrade their clusters and apply the errata update as soon as possible. Patch status is not explicitly confirmed in the advisory text, so users should rely on the vendor's upgrade instructions and check the Red Hat advisory for the latest remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2025:3448
Cve Count
1
Additional Cves
[]
Cvss Version
null

Threat ID: 6a535c0268715ace43ad582f

Added to database: 07/12/2026, 09:18:58 UTC

Last enriched: 07/12/2026, 09:22:43 UTC

Last updated: 07/12/2026, 09:50:19 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses