The Red Hat Trusted Artifact Signer (RHTAS) Model Transparency CLI image (version 1.3.2 Tech Preview) enables signing and verification of AI/ML workloads against a private RHTAS instance, supporting enterprise trust frameworks like Fulcio/Rekor. The advisory lists multiple CVEs including CVE-2025-12638 but provides no detailed vulnerability descriptions or fixes. It is a containerized command-line tool intended for artifact signature creation and validation. The vendor advisory does not mention any patches or remediation measures for the listed CVEs, nor does it report active exploitation. The advisory primarily serves as an announcement of the Tech Preview release with references to product documentation and release notes.

The impact is classified as high severity by the source, but no specific exploitation details or consequences are provided. The vulnerabilities affect the RHTAS Model Transparency CLI image and related components used for signing and verifying AI/ML workloads. Without detailed technical information or known exploits, the precise impact on confidentiality, integrity, or availability cannot be fully assessed. The lack of available fixes suggests potential exposure if these vulnerabilities are exploited, but no active exploitation is currently reported.

No official fixes or patches are currently available for the listed vulnerabilities as per the vendor advisory. Users should monitor Red Hat's official channels for updates and apply patches once released. Refer to the product documentation for secure usage guidance of the Model Transparency CLI image. Since this is a Tech Preview release, consider limiting its use to testing environments until stable, patched versions are available.