Red Hat Security Advisory: Submariner 0.17.6 bug fixes and container updates
Red Hat has issued a security advisory for Submariner 0. 17. 6, which includes bug fixes and container image updates addressing two vulnerabilities related to excessive memory consumption during token and header parsing in golang. org/x/oauth2/jws (CVE-2025-22868) and golang-jwt/jwt (CVE-2025-30204). These vulnerabilities could lead to unexpected or excessive memory allocation. The advisory rates the update as having an Important security impact and affects Red Hat Advanced Cluster Management for Kubernetes 2. 10 on RHEL 9 across multiple architectures. No CVSS scores are provided. The advisory recommends applying this update after all previous errata have been applied. No known exploits are reported in the wild.
AI Analysis
Technical Summary
This Red Hat security advisory (RHSA-2025:9541) addresses two vulnerabilities in Submariner 0.17.6 container images used in Red Hat Advanced Cluster Management for Kubernetes 2.10 on RHEL 9. The first vulnerability (CVE-2025-22868) involves unexpected memory consumption during token parsing in the golang.org/x/oauth2/jws package. The second (CVE-2025-30204) involves excessive memory allocation during header parsing in the golang-jwt/jwt package. These issues could potentially lead to resource exhaustion but no exploitation details are provided. The advisory provides updated container images with bug fixes and enhancements. Red Hat classifies the security impact as Important and recommends applying the update after prior errata. No CVSS scores are available, and no known exploits have been reported.
Potential Impact
The vulnerabilities cause unexpected or excessive memory consumption during parsing operations in critical JWT-related Go libraries used by Submariner. This could lead to denial of service or resource exhaustion conditions in affected environments. The advisory does not describe any active exploitation or additional impact such as privilege escalation or data disclosure. The overall security impact is rated Important by Red Hat.
Mitigation Recommendations
Red Hat has released updated Submariner 0.17.6 container images that fix these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. Since this is not a cloud service, remediation requires updating the affected container images and components as per the advisory. There are no indications that additional mitigations or workarounds are necessary.
Red Hat Security Advisory: Submariner 0.17.6 bug fixes and container updates
Description
Red Hat has issued a security advisory for Submariner 0. 17. 6, which includes bug fixes and container image updates addressing two vulnerabilities related to excessive memory consumption during token and header parsing in golang. org/x/oauth2/jws (CVE-2025-22868) and golang-jwt/jwt (CVE-2025-30204). These vulnerabilities could lead to unexpected or excessive memory allocation. The advisory rates the update as having an Important security impact and affects Red Hat Advanced Cluster Management for Kubernetes 2. 10 on RHEL 9 across multiple architectures. No CVSS scores are provided. The advisory recommends applying this update after all previous errata have been applied. No known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory (RHSA-2025:9541) addresses two vulnerabilities in Submariner 0.17.6 container images used in Red Hat Advanced Cluster Management for Kubernetes 2.10 on RHEL 9. The first vulnerability (CVE-2025-22868) involves unexpected memory consumption during token parsing in the golang.org/x/oauth2/jws package. The second (CVE-2025-30204) involves excessive memory allocation during header parsing in the golang-jwt/jwt package. These issues could potentially lead to resource exhaustion but no exploitation details are provided. The advisory provides updated container images with bug fixes and enhancements. Red Hat classifies the security impact as Important and recommends applying the update after prior errata. No CVSS scores are available, and no known exploits have been reported.
Potential Impact
The vulnerabilities cause unexpected or excessive memory consumption during parsing operations in critical JWT-related Go libraries used by Submariner. This could lead to denial of service or resource exhaustion conditions in affected environments. The advisory does not describe any active exploitation or additional impact such as privilege escalation or data disclosure. The overall security impact is rated Important by Red Hat.
Mitigation Recommendations
Red Hat has released updated Submariner 0.17.6 container images that fix these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. Since this is not a cloud service, remediation requires updating the affected container images and components as per the advisory. There are no indications that additional mitigations or workarounds are necessary.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:9541
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-30204"]
- Cvss Version
- null
Threat ID: 6a160970e29bf47b50638546
Added to database: 5/26/2026, 8:58:24 PM
Last enriched: 5/27/2026, 12:49:53 AM
Last updated: 5/27/2026, 4:50:48 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.