Threats Tagged 'cve-2025-13465'

Red Hat OpenShift Pipelines Operator version 1. 15. 4 addresses multiple security vulnerabilities identified by CVE-2024-37890 and ten additional CVEs. This release fixes issues including inconsistent ResourceIcon colors for CRDs and other security concerns affecting the OpenShift Pipelines CI/CD platform. The advisory indicates the release is an important security update but does not provide detailed technical exploit information or CVSS scores.

Red Hat OpenShift Pipelines Operator version 1. 15. 3 addresses multiple security vulnerabilities identified under CVE-2024-37890 and ten additional CVEs. This release fixes issues related to resource icon color consistency and other unspecified vulnerabilities affecting the OpenShift Pipelines CI/CD solution. The advisory does not provide detailed technical exploit information or confirm active exploitation in the wild. The vulnerabilities are rated as high severity by Red Hat Product Security. No CVSS score is provided for these vulnerabilities.

Red Hat OpenShift Pipelines Operator version 1. 20. 3 addresses multiple security vulnerabilities identified by CVE-2025-12816 and four additional CVEs. The release fixes issues including improper parsing of custom hub catalog references and incorrect catalog type handling. This update is classified as a high severity security advisory by Red Hat Product Security. The vulnerabilities affect Red Hat OpenShift Pipelines across multiple architectures including arm64 and ppc64le. No known exploits in the wild have been reported. The advisory does not provide a CVSS score but indicates the importance of the update. No explicit patch links are provided, but the release itself is the remediation. The vendor advisory is the authoritative source for this information.

Red Hat Advanced Cluster Management for Kubernetes version 2. 12. 8 includes a security update addressing multiple vulnerabilities. This advisory covers updated container images that provide new features, enhancements, and bug fixes. The vulnerabilities involve several CVEs, including CVE-2025-7195 and six others, with a high severity rating. No specific technical details or exploit information are provided in the advisory. There is no explicit mention of a patch or fix availability in the vendor advisory content. The advisory recommends applying all previously released relevant errata before updating to this release.

Red Hat OpenShift GitOps version 1. 17. 5 includes multiple security fixes addressing several vulnerabilities. These include cryptographic verification bypass due to an interpretation conflict in node-forge, prototype pollution in lodash functions, memory exhaustion issues in query parameter parsing, and resource exhaustion vulnerabilities related to urllib3 decompression handling. The update mitigates risks such as bypassing cryptographic checks, prototype pollution attacks, and denial-of-service conditions caused by resource exhaustion. The advisory covers multiple CVEs and affects various components within the OpenShift GitOps 1. 17 release. No known exploits in the wild have been reported. A security update is available and recommended to address these issues.

Red Hat OpenShift GitOps version 1. 18. 4 includes multiple security fixes addressing several vulnerabilities such as cryptographic verification bypass, prototype pollution, memory exhaustion, unbounded recursion, and decompression bomb issues. These vulnerabilities affect various components including console-plugin, argocd, argo-rollouts, dex, and gitops operators. The update resolves these issues to improve security and stability of the product.

Red Hat has issued a security advisory (RHSA-2026:3960) for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities including CVE-2025-4565 and 16 others. The platform provides an enterprise framework for IT automation at scale. The advisory indicates an important security update is available to fix these issues. No known exploits are reported in the wild. The update requires applying all previously released errata before installation. No CVSS score is provided, but the severity is classified as high by Red Hat.

This Red Hat security advisory addresses multiple vulnerabilities in the linux-sgx package for Red Hat Enterprise Linux 10. The vulnerabilities include denial of service via improper input validation, arbitrary file overwrite and symlink poisoning, prototype pollution, and path traversal bypass issues. These flaws affect components such as qs, node-tar, and lodash libraries used within the Intel SGX SDK environment. The update is rated as important by Red Hat Product Security and addresses eight CVEs including CVE-2025-13465 and CVE-2025-15284. The advisory provides updated packages to remediate these issues. No known exploits in the wild have been reported at this time.

Red Hat OpenShift AI version 3. 3. 3 addresses multiple critical security vulnerabilities identified by CVE-2025-6242 and 45 additional CVEs. The advisory announces updated container images for Red Hat OpenShift AI to mitigate these issues. No specific technical details or fixes for individual CVEs are provided in the advisory content. There are no known exploits in the wild at the time of publication. The vendor has released updated images and documentation to guide users on upgrading their clusters to apply the errata update. Patch status is not explicitly confirmed in the advisory, and no direct patch links are provided. Users should consult the official Red Hat documentation for upgrade instructions and remediation details. The vulnerabilities collectively are rated critical in severity.