Threats Tagged 'cve-2025-22868'
Red Hat Security Advisory: OpenShift Container Platform 4.19.0 bug fix and security update | CVE-2024-45337 | Red Hat OpenShift Container Platform 4.19.0 includes multiple security fixes addressing vulnerabilities in various Golang libraries and the Bare Metal Operator. These issues range from authorization bypass and denial of service to secret exposure across namespaces. Users of OpenShift Container Platform 4.19 are advised to upgrade to the updated packages and container images as soon as they are available through official release channels. | GCVE Database | 06/17/2025, 16:44:54 UTC | Added: 05/26/2026, 20:58:34 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.14.54 bug fix and security update | CVE-2024-6104 | Red Hat OpenShift Container Platform 4.14.54 includes important security updates addressing multiple vulnerabilities in underlying Golang libraries. These include issues such as non-linear parsing of case-insensitive content, unexpected memory consumption during token parsing, excessive memory allocation during JWT header parsing, and potential leakage of sensitive information to log files. The update is rated with an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4.14 are advised to upgrade to the updated packages and container images via the appropriate release channels using the OpenShift CLI or web console. | GCVE Database | 07/31/2025, 03:56:26 UTC | Added: 05/26/2026, 20:58:34 UTC
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm) | CVE-2025-9230 | Multiple vulnerabilities have been identified in Red Hat AI Inference Server 3.2.5 (ROCm), collectively tracked under CVE-2025-9230 and related CVEs. These issues involve a range of weaknesses as indicated by associated CWEs such as buffer overflows, improper input validation, and code injection risks. The vendor has issued an advisory (RHSA-2025:23449) announcing the availability of Red Hat AI Inference Server 3.2.5 (ROCm) but does not explicitly state that these vulnerabilities have been fixed in this release. No direct patch or remediation details are provided in the advisory content. There are no known exploits in the wild at this time. The severity is assessed as high based on the vendor's classification and the nature of the vulnerabilities. | GCVE Database | 12/17/2025, 08:22:31 UTC | Added: 05/26/2026, 20:58:34 UTC
Red Hat Security Advisory: RHTAS 1.1.2 - Red Hat Trusted Artifact Signer Release | CVE-2025-22868 | This advisory concerns the Red Hat Trusted Artifact Signer (RHTAS) Operator versions compatible with OpenShift Container Platform 4.14 through 4.18. It references three CVEs (CVE-2025-22868, CVE-2025-22869, CVE-2025-30204) categorized as high severity. The advisory does not provide specific technical details about the vulnerabilities or fixes, and explicitly states that there are no fixes included in this release. The RHTAS Operator is a self-managed on-premise deployment of the Sigstore project used for cryptographic signing and verification of software artifacts to ensure software supply chain integrity. Patch or remediation status is not confirmed in the advisory, and no known exploits are reported in the wild. | GCVE Database | 04/10/2025, 14:56:45 UTC | Added: 05/26/2026, 20:58:33 UTC
Red Hat Security Advisory: opentelemetry-collector security update | CVE-2025-22868 | Multiple security vulnerabilities affecting the Red Hat build of OpenTelemetry Collector have been addressed in an important security update. These include denial of service and memory exhaustion issues in several components such as go-jose, golang.org/x/oauth2/jws, github.com/expr-lang/expr, and golang-jwt/jwt. The vulnerabilities can lead to excessive memory consumption or denial of service conditions during parsing operations. Red Hat has released updated packages for Red Hat Enterprise Linux 10 and related variants to remediate these issues. Users of affected versions are advised to apply the provided updates to mitigate these vulnerabilities. | GCVE Database | 05/13/2025, 17:18:27 UTC | Added: 05/26/2026, 20:58:32 UTC
Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.9 security updates and bug fixes | CVE-2025-22868 | Red Hat issued a security advisory for Multicluster Engine for Kubernetes version 2.4.9 addressing two vulnerabilities related to excessive memory consumption during token and header parsing in third-party Go libraries (golang.org/x/oauth2/jws and golang-jwt/jwt). These issues could lead to unexpected memory usage but have been rated by Red Hat as having a low security impact. The advisory includes updated container images with fixes and provides installation guidance. No known exploits are reported in the wild. The update is classified as important but not critical. | GCVE Database | 06/02/2025, 17:37:18 UTC | Added: 05/26/2026, 20:58:32 UTC
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15.14 Bug Fix Update | CVE-2024-11831 | Red Hat OpenShift Data Foundation 4.15.14 includes a bug fix update addressing multiple security vulnerabilities across various components such as serialize-javascript, body-parser, http-proxy-middleware, and others. These vulnerabilities include cross-site scripting (XSS), denial of service (DoS), prototype pollution, and URL validation issues. The update is classified as important and targets Red Hat OpenShift Data Foundation running on Red Hat Enterprise Linux 9 across multiple architectures. The advisory references 12 CVEs fixed in this release, including CVE-2024-11831. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all previous errata are applied. | GCVE Database | 06/04/2025, 20:11:19 UTC | Added: 05/26/2026, 20:58:32 UTC
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15 security, enhancement & bug fix update | CVE-2024-34155 | Red Hat OpenShift Data Foundation 4.15 has a security advisory addressing multiple vulnerabilities, including CVE-2024-34155 and related CVEs. The advisory includes security, enhancement, and bug fix updates for the product. The update addresses issues such as persistent pod restarts and other security concerns. The advisory was published by Red Hat Product Security and is classified as high severity. No CVSS score is provided for these vulnerabilities. The vendor advisory recommends applying this update after ensuring all previous errata have been applied. | GCVE Database | 02/05/2026, 18:06:29 UTC | Added: 05/26/2026, 20:58:31 UTC
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.15.4 | CVE-2024-24790 | Red Hat OpenShift Pipelines Operator version 1.15.4 addresses multiple security vulnerabilities identified under CVE-2024-24790 and related CVEs. The advisory references several CWEs including improper handling of certain conditions and resource management issues. No explicit fixes or patches are detailed in the advisory content. The vulnerabilities are rated with high severity but no CVSS score is provided. The advisory does not indicate any known exploits in the wild or specific affected regions. | GCVE Database | 03/04/2026, 07:52:57 UTC | Added: 05/26/2026, 20:58:30 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.19.0 security and extras update | CVE-2024-45337 | Red Hat OpenShift Container Platform 4.19.0 includes security updates addressing four vulnerabilities in golang.org libraries. These issues involve an authorization bypass due to misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337), non-linear parsing of case-insensitive content (CVE-2024-45338), unexpected memory consumption during token parsing (CVE-2025-22868), and a denial of service in the SSH key exchange (CVE-2025-22869). The update is rated as important by Red Hat Product Security. Users of OpenShift Container Platform 4.19 are advised to upgrade to the updated packages and container images when available. Detailed upgrade instructions are provided by Red Hat. | GCVE Database | 06/17/2025, 16:07:37 UTC | Added: 05/26/2026, 20:58:30 UTC
Showing 1 to 10 of 56 results