Red Hat Security Advisory: RHSA: Submariner 0.20.1 - bug fix and enhancement update
Red Hat issued an important security advisory for Submariner 0. 20. 1, a tool enabling direct networking between Kubernetes clusters. The update addresses two vulnerabilities: CVE-2025-22871, a request smuggling issue in net/http due to acceptance of invalid chunked data, and CVE-2025-30204, an excessive memory allocation vulnerability during JWT header parsing in golang-jwt/jwt. These vulnerabilities affect Red Hat Advanced Cluster Management for Kubernetes 2. 13 on RHEL 9 and related container images. The advisory rates the security impact as Important (high severity). No CVSS scores are provided. No known exploits in the wild have been reported. The advisory includes bug fixes and enhancements to the Submariner container images.
AI Analysis
Technical Summary
This Red Hat security advisory (RHSA-2025:8691) addresses two vulnerabilities in Submariner 0.20.1 container images used in Red Hat Advanced Cluster Management for Kubernetes 2.13 on RHEL 9. The first vulnerability (CVE-2025-22871) involves HTTP request smuggling caused by acceptance of invalid chunked data in the net/http package. The second (CVE-2025-30204) involves excessive memory allocation during header parsing in the golang-jwt/jwt library. Both issues could potentially be exploited to disrupt service or cause resource exhaustion. The advisory rates the overall impact as Important and high severity but does not provide CVSS scores. The update includes bug fixes and enhancements to address these issues. The advisory does not explicitly confirm patch availability in the provided content; users should verify patch status via the official Red Hat advisory link.
Potential Impact
The vulnerabilities addressed have a high security impact rating by Red Hat. CVE-2025-22871 could allow HTTP request smuggling attacks due to improper handling of invalid chunked data, potentially leading to request manipulation or bypassing security controls. CVE-2025-30204 could allow excessive memory allocation during JWT header parsing, which may cause denial of service through resource exhaustion. No known exploits in the wild have been reported. The impact is primarily on the networking and authentication components of Submariner within Kubernetes cluster management environments.
Mitigation Recommendations
The advisory indicates that Submariner 0.20.1 includes fixes for these vulnerabilities. However, the provided content does not explicitly confirm patch availability or remediation instructions. Users should consult the official Red Hat advisory at https://access.redhat.com/errata/RHSA-2025:8691 for the latest patch status and apply updates accordingly. Since this is not a cloud service, remediation depends on applying updated container images or packages as provided by Red Hat. No vendor statement indicates that no action is required or that the issue is already mitigated without updates.
Red Hat Security Advisory: RHSA: Submariner 0.20.1 - bug fix and enhancement update
Description
Red Hat issued an important security advisory for Submariner 0. 20. 1, a tool enabling direct networking between Kubernetes clusters. The update addresses two vulnerabilities: CVE-2025-22871, a request smuggling issue in net/http due to acceptance of invalid chunked data, and CVE-2025-30204, an excessive memory allocation vulnerability during JWT header parsing in golang-jwt/jwt. These vulnerabilities affect Red Hat Advanced Cluster Management for Kubernetes 2. 13 on RHEL 9 and related container images. The advisory rates the security impact as Important (high severity). No CVSS scores are provided. No known exploits in the wild have been reported. The advisory includes bug fixes and enhancements to the Submariner container images.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory (RHSA-2025:8691) addresses two vulnerabilities in Submariner 0.20.1 container images used in Red Hat Advanced Cluster Management for Kubernetes 2.13 on RHEL 9. The first vulnerability (CVE-2025-22871) involves HTTP request smuggling caused by acceptance of invalid chunked data in the net/http package. The second (CVE-2025-30204) involves excessive memory allocation during header parsing in the golang-jwt/jwt library. Both issues could potentially be exploited to disrupt service or cause resource exhaustion. The advisory rates the overall impact as Important and high severity but does not provide CVSS scores. The update includes bug fixes and enhancements to address these issues. The advisory does not explicitly confirm patch availability in the provided content; users should verify patch status via the official Red Hat advisory link.
Potential Impact
The vulnerabilities addressed have a high security impact rating by Red Hat. CVE-2025-22871 could allow HTTP request smuggling attacks due to improper handling of invalid chunked data, potentially leading to request manipulation or bypassing security controls. CVE-2025-30204 could allow excessive memory allocation during JWT header parsing, which may cause denial of service through resource exhaustion. No known exploits in the wild have been reported. The impact is primarily on the networking and authentication components of Submariner within Kubernetes cluster management environments.
Mitigation Recommendations
The advisory indicates that Submariner 0.20.1 includes fixes for these vulnerabilities. However, the provided content does not explicitly confirm patch availability or remediation instructions. Users should consult the official Red Hat advisory at https://access.redhat.com/errata/RHSA-2025:8691 for the latest patch status and apply updates accordingly. Since this is not a cloud service, remediation depends on applying updated container images or packages as provided by Red Hat. No vendor statement indicates that no action is required or that the issue is already mitigated without updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:8691
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-30204"]
- Cvss Version
- null
Threat ID: 6a160970e29bf47b5063857e
Added to database: 5/26/2026, 8:58:24 PM
Last enriched: 5/27/2026, 12:49:12 AM
Last updated: 5/27/2026, 4:53:25 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.