Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.8.19
A Local File Inclusion (LFI) vulnerability (CVE-2025-27610) exists in the logging-fluentd-container component of Red Hat OpenShift Logging 5.8.19, specifically in the Rack::Static module. This vulnerability is categorized under CWE-23. Red Hat has issued an important security advisory (RHSA-2025:3448) addressing this issue. Instructions for upgrading OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 are provided to apply the update. No explicit patch details are given in the advisory content, but upgrade guidance is available. The vulnerability is rated as high severity by the source. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
CVE-2025-27610 is a Local File Inclusion vulnerability in the Rack::Static component used by the logging-fluentd-container in Red Hat OpenShift Logging 5.8.19. This flaw could allow an attacker to include local files on the system, potentially leading to information disclosure or other impacts. Red Hat has published an important security advisory (RHSA-2025:3448) with instructions to upgrade affected OpenShift Container Platform and Logging components. The advisory references OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 upgrade documentation for remediation steps. No direct patch files or fixed versions are explicitly stated in the advisory content provided.
Potential Impact
The vulnerability allows local file inclusion via the Rack::Static component in the logging-fluentd-container, which could lead to unauthorized access to local files. This may result in information disclosure or other security impacts depending on the files accessed. The severity is assessed as high. There are no known exploits in the wild currently.
Mitigation Recommendations
Red Hat has issued an important security advisory (RHSA-2025:3448) with upgrade instructions for OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 to address this vulnerability. Users should follow the official Red Hat documentation to upgrade their clusters and apply the errata update as soon as possible. Patch status is not explicitly confirmed in the advisory text, so users should rely on the vendor's upgrade instructions and check the Red Hat advisory for the latest remediation guidance.
Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.8.19
Description
A Local File Inclusion (LFI) vulnerability (CVE-2025-27610) exists in the logging-fluentd-container component of Red Hat OpenShift Logging 5.8.19, specifically in the Rack::Static module. This vulnerability is categorized under CWE-23. Red Hat has issued an important security advisory (RHSA-2025:3448) addressing this issue. Instructions for upgrading OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 are provided to apply the update. No explicit patch details are given in the advisory content, but upgrade guidance is available. The vulnerability is rated as high severity by the source. There are no known exploits in the wild at this time.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-27610 is a Local File Inclusion vulnerability in the Rack::Static component used by the logging-fluentd-container in Red Hat OpenShift Logging 5.8.19. This flaw could allow an attacker to include local files on the system, potentially leading to information disclosure or other impacts. Red Hat has published an important security advisory (RHSA-2025:3448) with instructions to upgrade affected OpenShift Container Platform and Logging components. The advisory references OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 upgrade documentation for remediation steps. No direct patch files or fixed versions are explicitly stated in the advisory content provided.
Potential Impact
The vulnerability allows local file inclusion via the Rack::Static component in the logging-fluentd-container, which could lead to unauthorized access to local files. This may result in information disclosure or other security impacts depending on the files accessed. The severity is assessed as high. There are no known exploits in the wild currently.
Mitigation Recommendations
Red Hat has issued an important security advisory (RHSA-2025:3448) with upgrade instructions for OpenShift Container Platform 4.13 and Red Hat OpenShift Logging 5.8 to address this vulnerability. Users should follow the official Red Hat documentation to upgrade their clusters and apply the errata update as soon as possible. Patch status is not explicitly confirmed in the advisory text, so users should rely on the vendor's upgrade instructions and check the Red Hat advisory for the latest remediation guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:3448
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a535c0268715ace43ad582f
Added to database: 07/12/2026, 09:18:58 UTC
Last enriched: 07/12/2026, 09:22:43 UTC
Last updated: 07/12/2026, 09:50:19 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.