Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.3 Bug Fix Update
Red Hat OpenShift Data Foundation 4. 18. 3 includes important bug fixes addressing two security vulnerabilities identified as CVE-2025-22868 and CVE-2025-22870. These vulnerabilities relate to unexpected memory consumption during token parsing and an HTTP proxy bypass using IPv6 Zone IDs in specific Go libraries used by the product. The update also includes an upgrade to the Ceph storage version to address critical bugs. This advisory applies to multiple architectures including x86_64, ppc64le, s390x, and aarch64 on Red Hat Enterprise Linux 9. The vendor has released updated container images that fix these issues. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
Red Hat OpenShift Data Foundation 4.18.3 is a software-defined storage solution optimized for Red Hat OpenShift Container Platform. The security advisory RHSA-2025:7616 addresses two vulnerabilities: CVE-2025-22868, involving unexpected memory consumption during token parsing in the golang.org/x/oauth2/jws package, and CVE-2025-22870, involving an HTTP proxy bypass using IPv6 Zone IDs in golang.org/x/net/proxy and httpproxy packages. The update also upgrades the Ceph storage version to RHCEPH-8.0z3 to fix critical bugs. The advisory provides updated container images for multiple architectures and instructs users to apply all relevant previously released errata before updating. No CVSS score is provided for these vulnerabilities.
Potential Impact
The vulnerabilities could lead to resource exhaustion due to unexpected memory consumption and potential bypass of HTTP proxy controls, which may affect the security posture of Red Hat OpenShift Data Foundation deployments. The upgrade to Ceph addresses critical bugs that could impact storage reliability or security. There are no reports of active exploitation in the wild. The overall severity is rated as high by the vendor.
Mitigation Recommendations
Red Hat has released updated container images for Red Hat OpenShift Data Foundation 4.18.3 that fix the identified vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their systems have been applied. Detailed update instructions are available in the Red Hat knowledge base article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.3 Bug Fix Update
Description
Red Hat OpenShift Data Foundation 4. 18. 3 includes important bug fixes addressing two security vulnerabilities identified as CVE-2025-22868 and CVE-2025-22870. These vulnerabilities relate to unexpected memory consumption during token parsing and an HTTP proxy bypass using IPv6 Zone IDs in specific Go libraries used by the product. The update also includes an upgrade to the Ceph storage version to address critical bugs. This advisory applies to multiple architectures including x86_64, ppc64le, s390x, and aarch64 on Red Hat Enterprise Linux 9. The vendor has released updated container images that fix these issues. No known exploits are reported in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat OpenShift Data Foundation 4.18.3 is a software-defined storage solution optimized for Red Hat OpenShift Container Platform. The security advisory RHSA-2025:7616 addresses two vulnerabilities: CVE-2025-22868, involving unexpected memory consumption during token parsing in the golang.org/x/oauth2/jws package, and CVE-2025-22870, involving an HTTP proxy bypass using IPv6 Zone IDs in golang.org/x/net/proxy and httpproxy packages. The update also upgrades the Ceph storage version to RHCEPH-8.0z3 to fix critical bugs. The advisory provides updated container images for multiple architectures and instructs users to apply all relevant previously released errata before updating. No CVSS score is provided for these vulnerabilities.
Potential Impact
The vulnerabilities could lead to resource exhaustion due to unexpected memory consumption and potential bypass of HTTP proxy controls, which may affect the security posture of Red Hat OpenShift Data Foundation deployments. The upgrade to Ceph addresses critical bugs that could impact storage reliability or security. There are no reports of active exploitation in the wild. The overall severity is rated as high by the vendor.
Mitigation Recommendations
Red Hat has released updated container images for Red Hat OpenShift Data Foundation 4.18.3 that fix the identified vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their systems have been applied. Detailed update instructions are available in the Red Hat knowledge base article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:7616
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-22870"]
- Cvss Version
- null
Threat ID: 6a160971e29bf47b506397d2
Added to database: 5/26/2026, 8:58:25 PM
Last enriched: 5/27/2026, 12:36:54 AM
Last updated: 5/27/2026, 4:49:43 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.