Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Red Hat has released a security update for OpenShift Serverless Logic version 1. 36. 0 addressing multiple vulnerabilities including CVE-2025-22866 and CVE-2025-22871. The update includes bug fixes and enhancements rated with a moderate security impact. The vulnerabilities relate to information exposure (CWE-200) and improper control of resource identifiers (CWE-444). No specific exploit details or active exploitation in the wild have been reported. The update applies to Red Hat OpenShift Serverless on various architectures including x86_64, ppc64le, s390x, and aarch64. No CVSS score is provided for these vulnerabilities. Users are advised to apply this update after ensuring all previous errata are installed.
AI Analysis
Technical Summary
This advisory covers a moderate security update for Red Hat OpenShift Serverless Logic 1.36.0 that addresses multiple vulnerabilities including CVE-2025-22866 and CVE-2025-22871. The vulnerabilities involve information exposure (CWE-200) and improper control of resource identifiers (CWE-444). The update includes bug fixes and enhancements but does not specify detailed technical exploit methods or impacts. The vendor rates the update as having an Important security impact but does not provide a CVSS score. The update is applicable to several Red Hat OpenShift Serverless builds across multiple hardware architectures. No known exploits in the wild have been reported. The vendor advisory recommends applying this update after all prior relevant errata have been applied.
Potential Impact
The vulnerabilities addressed may allow unauthorized information disclosure or improper resource identifier control, potentially impacting confidentiality and system integrity. However, no active exploitation has been reported, and the vendor rates the security impact as Important (moderate severity). The lack of a CVSS score limits precise severity quantification. The update mitigates these issues through bug fixes and enhancements.
Mitigation Recommendations
A security update for OpenShift Serverless Logic 1.36.0 has been released by Red Hat and should be applied to affected systems. Before applying this update, ensure all previously released errata relevant to your system are installed. Follow Red Hat's official guidance for applying updates: https://access.redhat.com/articles/11258. There are no indications that additional mitigations beyond applying the update are required.
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Description
Red Hat has released a security update for OpenShift Serverless Logic version 1. 36. 0 addressing multiple vulnerabilities including CVE-2025-22866 and CVE-2025-22871. The update includes bug fixes and enhancements rated with a moderate security impact. The vulnerabilities relate to information exposure (CWE-200) and improper control of resource identifiers (CWE-444). No specific exploit details or active exploitation in the wild have been reported. The update applies to Red Hat OpenShift Serverless on various architectures including x86_64, ppc64le, s390x, and aarch64. No CVSS score is provided for these vulnerabilities. Users are advised to apply this update after ensuring all previous errata are installed.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers a moderate security update for Red Hat OpenShift Serverless Logic 1.36.0 that addresses multiple vulnerabilities including CVE-2025-22866 and CVE-2025-22871. The vulnerabilities involve information exposure (CWE-200) and improper control of resource identifiers (CWE-444). The update includes bug fixes and enhancements but does not specify detailed technical exploit methods or impacts. The vendor rates the update as having an Important security impact but does not provide a CVSS score. The update is applicable to several Red Hat OpenShift Serverless builds across multiple hardware architectures. No known exploits in the wild have been reported. The vendor advisory recommends applying this update after all prior relevant errata have been applied.
Potential Impact
The vulnerabilities addressed may allow unauthorized information disclosure or improper resource identifier control, potentially impacting confidentiality and system integrity. However, no active exploitation has been reported, and the vendor rates the security impact as Important (moderate severity). The lack of a CVSS score limits precise severity quantification. The update mitigates these issues through bug fixes and enhancements.
Mitigation Recommendations
A security update for OpenShift Serverless Logic 1.36.0 has been released by Red Hat and should be applied to affected systems. Before applying this update, ensure all previously released errata relevant to your system are installed. Follow Red Hat's official guidance for applying updates: https://access.redhat.com/articles/11258. There are no indications that additional mitigations beyond applying the update are required.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:8670
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-22871"]
- Cvss Version
- null
Threat ID: 6a18be67e29bf47b503872b3
Added to database: 5/28/2026, 10:15:03 PM
Last enriched: 5/28/2026, 10:34:41 PM
Last updated: 5/29/2026, 1:31:51 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.