This advisory covers Red Hat OpenShift Container Platform 4.18.29, which fixes four security vulnerabilities: CVE-2025-11561 in sssd allows privilege escalation on Active Directory-joined Linux systems due to default Kerberos configuration; CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 are container escape vulnerabilities in runc caused by mount race conditions, malicious container configurations involving /dev/console mounts, and arbitrary write gadgets with procfs write redirects, respectively. These issues could allow attackers to escalate privileges or escape container isolation. The update provides patched container images and RPM packages. Users should upgrade their OpenShift clusters following Red Hat's documented procedures. The advisory does not provide CVSS scores but rates the impact as important.

The vulnerabilities fixed in this update could allow attackers to escalate privileges on Active Directory-joined Linux systems or escape container isolation in OpenShift environments. This could lead to unauthorized access or denial of service within affected systems. No known exploits in the wild have been reported. The security impact is rated as important by Red Hat, indicating a high risk if left unpatched.

Red Hat has released updated container images and RPM packages in OpenShift Container Platform 4.18.29 that address these vulnerabilities. Users should upgrade their OpenShift 4.18 clusters to this version using the OpenShift CLI (oc) or web console as soon as the updates are available in their release channel. Detailed upgrade instructions are provided by Red Hat at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. No additional mitigation steps are indicated beyond applying these official updates.