This advisory covers Red Hat OpenShift Container Platform 4.13.61, which contains fixes for five security vulnerabilities: CVE-2025-49794 and CVE-2025-49796 in libxml causing denial of service via heap use-after-free and type confusion; CVE-2025-6965 in SQLite involving integer truncation; CVE-2025-5994 in unbound related to cache poisoning; and CVE-2025-9566 in podman where the 'podman kube play' command may overwrite host files. The update includes container image and package fixes for multiple architectures and is intended for on-premise or private cloud deployments. Red Hat classifies the update as having an Important security impact and recommends upgrading to the fixed versions as soon as they are available.

The vulnerabilities fixed in this update can lead to denial of service conditions (libxml issues), potential cache poisoning attacks (unbound), integer truncation issues (SQLite), and unauthorized file overwrites on the host system (podman). These issues collectively pose a high risk to the confidentiality, integrity, and availability of affected OpenShift Container Platform deployments if left unpatched. No known exploits in the wild have been reported at the time of this advisory.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.13.61 that address these vulnerabilities. Users should upgrade their clusters using the OpenShift CLI (oc) or web console following the official upgrade instructions provided by Red Hat. Since this is an on-premise/private cloud product, remediation is managed by the user applying these updates. Patch status is confirmed by the vendor advisory. No additional mitigation steps beyond applying the update are indicated.