Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.2 security update
An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s): * GITOPS-7180: Redis HA Proxy pod fails to start with Security Context error * GITOPS-7331: operator controller logs error when console link is disabled * GITOPS-7461: Redis container fails with "runAsNonRoot and image will run as root" after upgrade to argocd-operator 0.14.1 * GITOPS-7564: OpenShift GitOps v1.17 must-gather images produce an empty must-gather * GITOPS-7606: ApplicationSet: Bitbucket SCM/PR generator leaks HTTP connections
AI Analysis
Technical Summary
This Red Hat security advisory (RHSA-2025:17731) announces an important update to Red Hat OpenShift GitOps v1.17.2 that addresses multiple vulnerabilities and bugs. The update resolves issues including a security context error preventing Redis HA Proxy pod startup (GITOPS-7180), operator controller logging errors (GITOPS-7331), Redis container running as root despite runAsNonRoot policies (GITOPS-7461), empty must-gather images (GITOPS-7564), and HTTP connection leaks in the ApplicationSet Bitbucket SCM/PR generator (GITOPS-7606). The advisory references six CVEs (CVE-2025-22874, CVE-2025-47907, CVE-2025-55191, CVE-2025-59531, CVE-2025-59537, CVE-2025-59538) and multiple CWEs including improper authentication and race conditions. No CVSS score is provided. The update is available from Red Hat and should be applied following prior errata.
Potential Impact
The vulnerabilities and bugs addressed can cause service disruptions such as failure of Redis HA Proxy pods to start, improper privilege escalation risks due to containers running as root, and resource leaks that may degrade system performance or stability. The issues collectively pose a high severity risk to the security and reliability of Red Hat OpenShift GitOps deployments. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
A security update to Red Hat OpenShift GitOps v1.17.2 is available and should be applied to remediate the identified issues. Before applying this update, ensure all previously released errata relevant to your system have been installed. Follow Red Hat's official guidance for applying the update as detailed in their documentation (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official update.
Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.2 security update
Description
An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s): * GITOPS-7180: Redis HA Proxy pod fails to start with Security Context error * GITOPS-7331: operator controller logs error when console link is disabled * GITOPS-7461: Redis container fails with "runAsNonRoot and image will run as root" after upgrade to argocd-operator 0.14.1 * GITOPS-7564: OpenShift GitOps v1.17 must-gather images produce an empty must-gather * GITOPS-7606: ApplicationSet: Bitbucket SCM/PR generator leaks HTTP connections
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory (RHSA-2025:17731) announces an important update to Red Hat OpenShift GitOps v1.17.2 that addresses multiple vulnerabilities and bugs. The update resolves issues including a security context error preventing Redis HA Proxy pod startup (GITOPS-7180), operator controller logging errors (GITOPS-7331), Redis container running as root despite runAsNonRoot policies (GITOPS-7461), empty must-gather images (GITOPS-7564), and HTTP connection leaks in the ApplicationSet Bitbucket SCM/PR generator (GITOPS-7606). The advisory references six CVEs (CVE-2025-22874, CVE-2025-47907, CVE-2025-55191, CVE-2025-59531, CVE-2025-59537, CVE-2025-59538) and multiple CWEs including improper authentication and race conditions. No CVSS score is provided. The update is available from Red Hat and should be applied following prior errata.
Potential Impact
The vulnerabilities and bugs addressed can cause service disruptions such as failure of Redis HA Proxy pods to start, improper privilege escalation risks due to containers running as root, and resource leaks that may degrade system performance or stability. The issues collectively pose a high severity risk to the security and reliability of Red Hat OpenShift GitOps deployments. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
A security update to Red Hat OpenShift GitOps v1.17.2 is available and should be applied to remediate the identified issues. Before applying this update, ensure all previously released errata relevant to your system have been installed. Follow Red Hat's official guidance for applying the update as detailed in their documentation (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:17731
- Cve Count
- 6
- Additional Cves
- ["CVE-2025-47907","CVE-2025-55191","CVE-2025-59531","CVE-2025-59537","CVE-2025-59538"]
- Cvss Version
- null
Threat ID: 6a19febee29bf47b500fdab2
Added to database: 5/29/2026, 9:01:50 PM
Last enriched: 5/29/2026, 9:07:37 PM
Last updated: 5/31/2026, 4:58:29 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.