This advisory covers Red Hat OpenShift Container Platform 4.14.58, which addresses six security vulnerabilities: CVE-2025-5914 (libarchive double free), CVE-2025-5994 (unbound cache poisoning), CVE-2025-6965 (SQLite integer truncation), CVE-2025-9566 (podman kube play command file overwrite), CVE-2025-49794 (libxml heap use after free causing denial of service), and CVE-2025-49796 (libxml type confusion causing denial of service). These issues affect container images and RPM packages associated with OpenShift 4.14. The update is classified as Important by Red Hat, and users should upgrade their clusters using the OpenShift CLI or web console following Red Hat's documented procedures. The advisory does not provide CVSS scores but references CVE pages for further details.

The vulnerabilities fixed in this release include memory corruption (double free, use after free), cache poisoning, integer truncation, and potential file overwrite issues, which could lead to denial of service or unauthorized file modification. The overall security impact is rated Important by Red Hat Product Security. There are no reports of known exploits in the wild at the time of this advisory. The affected product is widely used for on-premise or private cloud Kubernetes deployments, so unpatched systems may be at risk of these issues.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.14.58 that address these vulnerabilities. Users should upgrade their OpenShift clusters to this version using the OpenShift CLI (oc) or web console as soon as the updates are available in their release channels. Detailed upgrade instructions are provided by Red Hat at https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli. No additional mitigations are specified or required beyond applying the official update.