This advisory from Red Hat Product Security covers security vulnerabilities in Red Hat OpenShift Data Foundation 4.17, specifically CVE-2025-30204 and CVE-2025-47907. These vulnerabilities involve issues categorized under CWE-405 and CWE-362, indicating potential permission check flaws and race conditions. The update includes security improvements, enhancements, and bug fixes. Although no detailed patch information or CVSS scores are provided, the severity is rated high by Red Hat. The advisory recommends applying the update following prior errata to mitigate these vulnerabilities.

The vulnerabilities have been rated high severity by Red Hat, indicating a significant security risk if unpatched. CWE-405 suggests improper permission checks that could allow unauthorized actions, and CWE-362 indicates race conditions that might lead to inconsistent or unexpected behavior. No known exploits have been reported in the wild, reducing immediate risk. However, the presence of these vulnerabilities could potentially impact the security and stability of Red Hat OpenShift Data Foundation 4.17 deployments if left unaddressed.

Red Hat has released an update for OpenShift Data Foundation 4.17 that addresses these vulnerabilities. Users should apply this update after confirming that all previously released relevant errata have been installed. The vendor advisory does not indicate that no action is required or that the issue is already mitigated, so applying the official update is the recommended remediation. Detailed update instructions are available in Red Hat's documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf.