This advisory covers security fixes in Red Hat OpenShift Container Platform 4.18.23 for three vulnerabilities: CVE-2025-7425 is a heap use-after-free in libxslt caused by atype corruption in xmlAttrPtr; CVE-2025-32414 and CVE-2025-32415 are out-of-bounds read vulnerabilities in libxml2, including one in the xmlSchemaIDCFillNodeTables function. These issues could potentially lead to memory corruption or information disclosure. The advisory provides updated container images and RPM packages to address these vulnerabilities. Users of OpenShift Container Platform 4.18 are advised to upgrade using the OpenShift CLI or web console following Red Hat's documented procedures. No CVSS scores are provided in the advisory, but the update is rated as important by Red Hat.

The vulnerabilities include a heap use-after-free and out-of-bounds reads in widely used XML processing libraries (libxslt and libxml2) within OpenShift Container Platform 4.18. These flaws could lead to memory corruption or information disclosure if exploited. Red Hat rates the security impact as important, indicating a high severity but not critical. There are no known exploits in the wild at the time of this advisory. The issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.18 across multiple architectures including x86_64, s390x, ppc64le, and aarch64.

Red Hat has released updated container images and RPM packages in OpenShift Container Platform 4.18.23 that fix these vulnerabilities. Users should upgrade to these updated packages and images as soon as they are available in their release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in Red Hat's official documentation. Since this is an official fix, applying the update fully remediates the vulnerabilities. There is no indication that additional mitigation steps are required beyond upgrading.