Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.6.0 release
Red Hat has released version 3. 6. 0 of its build of OpenTelemetry, addressing multiple security vulnerabilities identified by CVE-2025-22868 and related CVEs. The update includes enhancements such as support for TPM 2. 0 TLS certificates and automatic upgrades of OpenTelemetryCollector custom resources by the Operator. There are no breaking changes or deprecations in this release. Known issues exist with certain AWS exporters related to endpoint protocol specification, with a documented workaround. No explicit bug fixes are detailed beyond the security updates. Patch status is not explicitly stated in the advisory, so users should consult the vendor documentation for upgrade procedures and confirmation. The severity of the vulnerabilities addressed is classified as high by Red Hat Product Security.
AI Analysis
Technical Summary
This Red Hat security advisory covers the release of Red Hat build of OpenTelemetry 3.6.0, which addresses multiple security vulnerabilities including CVE-2025-22868, CVE-2025-27144, CVE-2025-29786, and CVE-2025-30204. The update introduces enhancements such as support for TLS certificates in the TPM Software Stack (TSS) 2.0 format and automatic reconciliation and upgrade of OpenTelemetryCollector custom resources by the Operator. No breaking changes or deprecations are introduced. Known issues with AWS CloudWatch Logs, EMF, and X-Ray exporters remain, specifically related to endpoint protocol specification errors, with a workaround to include the protocol in endpoint URLs. The advisory does not explicitly confirm patch availability but provides upgrade instructions and references for applying the update. The vulnerabilities involve weaknesses categorized under CWEs 1286, 770, and 405, indicating issues related to improper access control and resource management.
Potential Impact
The vulnerabilities addressed in this advisory are rated high severity by Red Hat Product Security. They potentially affect Red Hat OpenShift distributed tracing components and related OpenTelemetry builds. The impact involves security weaknesses that could affect the integrity and reliability of telemetry data collection and processing. No known exploits in the wild have been reported. The advisory does not specify detailed exploitation scenarios or direct impact outcomes beyond the classification of severity and the affected components.
Mitigation Recommendations
Users should apply the Red Hat build of OpenTelemetry 3.6.0 update following the official upgrade instructions provided by Red Hat, available at https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators. The Operator included in this release automatically upgrades OpenTelemetryCollector custom resources and retries upgrades on failure with exponential backoff. There are no explicit bug fixes beyond the security updates, and no breaking changes to consider. For deployments using AWS exporters, ensure the endpoint configuration includes the protocol (e.g., https://) to avoid unsupported protocol scheme errors. Patch status is not explicitly confirmed in the advisory; therefore, users should verify the current remediation status via the vendor advisory link https://access.redhat.com/errata/RHSA-2025:9167.
Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.6.0 release
Description
Red Hat has released version 3. 6. 0 of its build of OpenTelemetry, addressing multiple security vulnerabilities identified by CVE-2025-22868 and related CVEs. The update includes enhancements such as support for TPM 2. 0 TLS certificates and automatic upgrades of OpenTelemetryCollector custom resources by the Operator. There are no breaking changes or deprecations in this release. Known issues exist with certain AWS exporters related to endpoint protocol specification, with a documented workaround. No explicit bug fixes are detailed beyond the security updates. Patch status is not explicitly stated in the advisory, so users should consult the vendor documentation for upgrade procedures and confirmation. The severity of the vulnerabilities addressed is classified as high by Red Hat Product Security.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory covers the release of Red Hat build of OpenTelemetry 3.6.0, which addresses multiple security vulnerabilities including CVE-2025-22868, CVE-2025-27144, CVE-2025-29786, and CVE-2025-30204. The update introduces enhancements such as support for TLS certificates in the TPM Software Stack (TSS) 2.0 format and automatic reconciliation and upgrade of OpenTelemetryCollector custom resources by the Operator. No breaking changes or deprecations are introduced. Known issues with AWS CloudWatch Logs, EMF, and X-Ray exporters remain, specifically related to endpoint protocol specification errors, with a workaround to include the protocol in endpoint URLs. The advisory does not explicitly confirm patch availability but provides upgrade instructions and references for applying the update. The vulnerabilities involve weaknesses categorized under CWEs 1286, 770, and 405, indicating issues related to improper access control and resource management.
Potential Impact
The vulnerabilities addressed in this advisory are rated high severity by Red Hat Product Security. They potentially affect Red Hat OpenShift distributed tracing components and related OpenTelemetry builds. The impact involves security weaknesses that could affect the integrity and reliability of telemetry data collection and processing. No known exploits in the wild have been reported. The advisory does not specify detailed exploitation scenarios or direct impact outcomes beyond the classification of severity and the affected components.
Mitigation Recommendations
Users should apply the Red Hat build of OpenTelemetry 3.6.0 update following the official upgrade instructions provided by Red Hat, available at https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators. The Operator included in this release automatically upgrades OpenTelemetryCollector custom resources and retries upgrades on failure with exponential backoff. There are no explicit bug fixes beyond the security updates, and no breaking changes to consider. For deployments using AWS exporters, ensure the endpoint configuration includes the protocol (e.g., https://) to avoid unsupported protocol scheme errors. Patch status is not explicitly confirmed in the advisory; therefore, users should verify the current remediation status via the vendor advisory link https://access.redhat.com/errata/RHSA-2025:9167.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:9167
- Cve Count
- 4
- Additional Cves
- ["CVE-2025-27144","CVE-2025-29786","CVE-2025-30204"]
- Cvss Version
- null
Threat ID: 6a160970e29bf47b50638563
Added to database: 5/26/2026, 8:58:24 PM
Last enriched: 5/27/2026, 12:49:30 AM
Last updated: 5/27/2026, 4:48:43 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.