This advisory covers security updates to Red Hat Lightspeed for Runtimes container images on RHEL 9, specifically addressing CVE-2025-11393, an improper proxy configuration vulnerability that permits unauthorized administrative commands. The update also includes backported patches for RHEL 8 container images. Users are recommended to upgrade to the new images and rebuild dependent containers. The vendor rates the impact as Important but does not provide a CVSS score. The advisory includes two CVEs (CVE-2025-11393 and CVE-2025-22874) but focuses on the former for the improper proxy configuration issue. The vendor advisory confirms the availability of updated container images in the Red Hat Container Catalog and recommends applying all prior errata before updating.

The vulnerability (CVE-2025-11393) allows unauthorized administrative commands due to improper proxy configuration in the runtimes-inventory-rhel8-operator container image. This could lead to unauthorized administrative access within affected container environments. The vendor rates the security impact as Important, indicating a significant but not critical risk. No known exploits in the wild have been reported at this time.

Red Hat has released updated container images for Red Hat Lightspeed for Runtimes on RHEL 9 that include patches for this vulnerability. Users of RHEL 8 container images should upgrade to these updated images containing backported fixes and rebuild all dependent container images. Before applying the update, ensure all previously released errata relevant to your system have been applied. Follow Red Hat's official guidance on applying these updates as detailed in their advisory. Patch status is confirmed by the vendor advisory as available.