Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 1.1%top 37%

Red Hat Security Advisory: Submariner v0.21 security fixes and container updates

0
Medium
Published: 11/20/2025 (11/20/2025, 21:12:16 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

Affected software

Affected versions
Red HatRed Hat Advanced Cluster Management for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2.14amd64registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/27/2026, 22:12:59 UTC

Technical Analysis

Red Hat issued a security advisory (RHSA-2025:21892) for Submariner v0.21, which implements KEP-1645 to enable direct networking between pods and services across Kubernetes clusters. The advisory addresses multiple vulnerabilities including CVE-2025-47950 and CVE-2025-59530, with a moderate security impact rating. A notable fix is for a race condition in the RouteAgent component that could cause Submariner to become degraded. The advisory provides updated container images and references the upstream Submariner release notes for details. The fixes are delivered as part of Red Hat Advanced Cluster Management for Kubernetes v2.14. No CVSS base score is published for these vulnerabilities.

Potential Impact

The vulnerabilities addressed could lead to Submariner operator degradation due to a race condition in RouteAgent, potentially impacting cross-cluster connectivity for Kubernetes services and pods. The overall security impact is rated moderate by Red Hat. There is no indication of known exploits in the wild. The impact is limited to environments using Submariner v0.21 within Red Hat Advanced Cluster Management for Kubernetes.

Mitigation Recommendations

Red Hat has released updated container images and security fixes as part of Red Hat Advanced Cluster Management for Kubernetes v2.14, which includes the Submariner v0.21 updates. Users should apply this update to remediate the vulnerabilities. Since this is a traditional software product (not a cloud service), remediation requires deploying the updated versions as provided by Red Hat. Patch status is confirmed by the vendor advisory. No additional mitigation steps are specified beyond applying the official update.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2025:21892
Cve Count
2
Additional Cves
["CVE-2025-59530"]
Cvss Version
null

Threat ID: 6a4049d127e9c7971982b922

Added to database: 06/27/2026, 22:08:17 UTC

Last enriched: 06/27/2026, 22:12:59 UTC

Last updated: 07/09/2026, 19:47:28 UTC

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses