Red Hat Security Advisory: Red Hat build of Cryostat security update
Red Hat has issued a security update for the Red Hat build of Cryostat 4 on RHEL 9 addressing two vulnerabilities: an information disclosure issue in lz4-java due to insufficient output buffer clearing (CVE-2025-66566) and a denial of service vulnerability in qs caused by improper input validation in array parsing (CVE-2025-15284). The update is rated as having an important security impact by Red Hat Product Security. No known exploits are reported in the wild. Users are advised to apply the update after ensuring all prior errata are installed.
AI Analysis
Technical Summary
This advisory covers two security vulnerabilities in the Red Hat build of Cryostat 4 on RHEL 9. The first vulnerability (CVE-2025-66566) involves information disclosure via insufficient clearing of output buffers in the lz4-java component. The second vulnerability (CVE-2025-15284) is a denial of service caused by improper input validation during array parsing in the qs component. Red Hat has released an update to address these issues, rated as important in severity. The advisory references the Red Hat Security Advisory RHSA-2026:0761 for detailed remediation instructions.
Potential Impact
The information disclosure vulnerability could potentially expose sensitive data due to insufficient buffer clearing. The denial of service vulnerability could allow an attacker to disrupt service availability by exploiting improper input validation. Both vulnerabilities are rated as important by Red Hat, indicating a high security impact but no known active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released an official security update for Cryostat 4 on RHEL 9 that addresses these vulnerabilities. Users should apply this update promptly after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available in the Red Hat advisory RHSA-2026:0761 and the referenced knowledge base article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: Red Hat build of Cryostat security update
Description
Red Hat has issued a security update for the Red Hat build of Cryostat 4 on RHEL 9 addressing two vulnerabilities: an information disclosure issue in lz4-java due to insufficient output buffer clearing (CVE-2025-66566) and a denial of service vulnerability in qs caused by improper input validation in array parsing (CVE-2025-15284). The update is rated as having an important security impact by Red Hat Product Security. No known exploits are reported in the wild. Users are advised to apply the update after ensuring all prior errata are installed.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security vulnerabilities in the Red Hat build of Cryostat 4 on RHEL 9. The first vulnerability (CVE-2025-66566) involves information disclosure via insufficient clearing of output buffers in the lz4-java component. The second vulnerability (CVE-2025-15284) is a denial of service caused by improper input validation during array parsing in the qs component. Red Hat has released an update to address these issues, rated as important in severity. The advisory references the Red Hat Security Advisory RHSA-2026:0761 for detailed remediation instructions.
Potential Impact
The information disclosure vulnerability could potentially expose sensitive data due to insufficient buffer clearing. The denial of service vulnerability could allow an attacker to disrupt service availability by exploiting improper input validation. Both vulnerabilities are rated as important by Red Hat, indicating a high security impact but no known active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released an official security update for Cryostat 4 on RHEL 9 that addresses these vulnerabilities. Users should apply this update promptly after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available in the Red Hat advisory RHSA-2026:0761 and the referenced knowledge base article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:0761
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-66566"]
- Cvss Version
- null
Threat ID: 6a160984e29bf47b50650c53
Added to database: 5/26/2026, 8:58:44 PM
Last enriched: 5/26/2026, 9:34:38 PM
Last updated: 5/27/2026, 4:48:44 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.