Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update
Red Hat has issued a security advisory for Cryostat 4. 0. 3 container images on RHEL 9, addressing a symlink validation bypass vulnerability in the tar-fs component (CVE-2025-59343). This update includes backported patches fixing this and other bugs. Users are advised to upgrade to the updated container images and rebuild any dependent container images to ensure the fixes are applied.
AI Analysis
Technical Summary
The Cryostat 4 on RHEL 9 container images have been updated to fix multiple bugs, including a security vulnerability identified as CVE-2025-59343, which involves a symlink validation bypass in the tar-fs component. This vulnerability is categorized under CWE-22 (Path Traversal). The advisory recommends upgrading to the new container images available from the Red Hat Container Registry and rebuilding dependent images. The update is rated as having an Important security impact by Red Hat Product Security. No CVSS score is provided in the advisory.
Potential Impact
The vulnerability allows bypassing symlink validation in the tar-fs component, which could potentially lead to unauthorized file access or manipulation within container environments using Cryostat 4 on RHEL 9 images. The advisory rates the security impact as Important (high severity). There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Cryostat 4.0.3 container images on RHEL 9 that include backported patches fixing the symlink validation bypass vulnerability. Users should upgrade to these updated images from the Red Hat Container Registry and rebuild all container images that depend on them. This is the official fix provided by Red Hat. Patch status is confirmed as available and remediation is through upgrading to the updated container images.
Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update
Description
Red Hat has issued a security advisory for Cryostat 4. 0. 3 container images on RHEL 9, addressing a symlink validation bypass vulnerability in the tar-fs component (CVE-2025-59343). This update includes backported patches fixing this and other bugs. Users are advised to upgrade to the updated container images and rebuild any dependent container images to ensure the fixes are applied.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Cryostat 4 on RHEL 9 container images have been updated to fix multiple bugs, including a security vulnerability identified as CVE-2025-59343, which involves a symlink validation bypass in the tar-fs component. This vulnerability is categorized under CWE-22 (Path Traversal). The advisory recommends upgrading to the new container images available from the Red Hat Container Registry and rebuilding dependent images. The update is rated as having an Important security impact by Red Hat Product Security. No CVSS score is provided in the advisory.
Potential Impact
The vulnerability allows bypassing symlink validation in the tar-fs component, which could potentially lead to unauthorized file access or manipulation within container environments using Cryostat 4 on RHEL 9 images. The advisory rates the security impact as Important (high severity). There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Cryostat 4.0.3 container images on RHEL 9 that include backported patches fixing the symlink validation bypass vulnerability. Users should upgrade to these updated images from the Red Hat Container Registry and rebuild all container images that depend on them. This is the official fix provided by Red Hat. Patch status is confirmed as available and remediation is through upgrading to the updated container images.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:17376
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e87e29bf47b5008129b
Added to database: 6/2/2026, 9:43:35 PM
Last enriched: 6/2/2026, 10:10:10 PM
Last updated: 6/3/2026, 5:09:11 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.