Red Hat Security Advisory: Submariner v0.21 security fixes and container updates
Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
AI Analysis
Technical Summary
Red Hat issued a security advisory (RHSA-2025:21892) for Submariner v0.21, which implements KEP-1645 to enable direct networking between pods and services across Kubernetes clusters. The advisory addresses multiple vulnerabilities including CVE-2025-47950 and CVE-2025-59530, with a moderate security impact rating. A notable fix is for a race condition in the RouteAgent component that could cause Submariner to become degraded. The advisory provides updated container images and references the upstream Submariner release notes for details. The fixes are delivered as part of Red Hat Advanced Cluster Management for Kubernetes v2.14. No CVSS base score is published for these vulnerabilities.
Potential Impact
The vulnerabilities addressed could lead to Submariner operator degradation due to a race condition in RouteAgent, potentially impacting cross-cluster connectivity for Kubernetes services and pods. The overall security impact is rated moderate by Red Hat. There is no indication of known exploits in the wild. The impact is limited to environments using Submariner v0.21 within Red Hat Advanced Cluster Management for Kubernetes.
Mitigation Recommendations
Red Hat has released updated container images and security fixes as part of Red Hat Advanced Cluster Management for Kubernetes v2.14, which includes the Submariner v0.21 updates. Users should apply this update to remediate the vulnerabilities. Since this is a traditional software product (not a cloud service), remediation requires deploying the updated versions as provided by Red Hat. Patch status is confirmed by the vendor advisory. No additional mitigation steps are specified beyond applying the official update.
Red Hat Security Advisory: Submariner v0.21 security fixes and container updates
Description
Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat issued a security advisory (RHSA-2025:21892) for Submariner v0.21, which implements KEP-1645 to enable direct networking between pods and services across Kubernetes clusters. The advisory addresses multiple vulnerabilities including CVE-2025-47950 and CVE-2025-59530, with a moderate security impact rating. A notable fix is for a race condition in the RouteAgent component that could cause Submariner to become degraded. The advisory provides updated container images and references the upstream Submariner release notes for details. The fixes are delivered as part of Red Hat Advanced Cluster Management for Kubernetes v2.14. No CVSS base score is published for these vulnerabilities.
Potential Impact
The vulnerabilities addressed could lead to Submariner operator degradation due to a race condition in RouteAgent, potentially impacting cross-cluster connectivity for Kubernetes services and pods. The overall security impact is rated moderate by Red Hat. There is no indication of known exploits in the wild. The impact is limited to environments using Submariner v0.21 within Red Hat Advanced Cluster Management for Kubernetes.
Mitigation Recommendations
Red Hat has released updated container images and security fixes as part of Red Hat Advanced Cluster Management for Kubernetes v2.14, which includes the Submariner v0.21 updates. Users should apply this update to remediate the vulnerabilities. Since this is a traditional software product (not a cloud service), remediation requires deploying the updated versions as provided by Red Hat. Patch status is confirmed by the vendor advisory. No additional mitigation steps are specified beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:21892
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-59530"]
- Cvss Version
- null
Threat ID: 6a4049d127e9c7971982b922
Added to database: 06/27/2026, 22:08:17 UTC
Last enriched: 06/27/2026, 22:12:59 UTC
Last updated: 07/09/2026, 19:47:28 UTC
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.