Threats Tagged 'cve-2025-22869'

Red Hat OpenShift Container Platform 4. 19. 0 includes multiple security fixes addressing vulnerabilities in various Golang libraries and the Bare Metal Operator. These issues range from authorization bypass, denial of service, to secret exposure across namespaces. Users of OpenShift Container Platform 4. 19 are advised to upgrade to the updated packages and container images as soon as they are available through official release channels.

Multiple vulnerabilities have been identified in Red Hat AI Inference Server 3. 2. 5 (ROCm), collectively tracked under CVE-2025-9230 and related CVEs. These issues involve a range of weaknesses as indicated by associated CWEs such as buffer overflows, improper input validation, and code injection risks. The vendor has issued an advisory (RHSA-2025:23449) announcing the availability of Red Hat AI Inference Server 3. 2. 5 (ROCm) but does not explicitly state that these vulnerabilities have been fixed in this release. No direct patch or remediation details are provided in the advisory content. There are no known exploits in the wild at this time. The severity is assessed as high based on the vendor's classification and the nature of the vulnerabilities.

This advisory concerns the Red Hat Trusted Artifact Signer (RHTAS) Operator versions compatible with OpenShift Container Platform 4. 14 through 4. 18. It references three CVEs (CVE-2025-22868, CVE-2025-22869, CVE-2025-30204) categorized as high severity. The advisory does not provide specific technical details about the vulnerabilities or fixes, and explicitly states that there are no fixes included in this release. The RHTAS Operator is a self-managed on-premise deployment of the Sigstore project used for cryptographic signing and verification of software artifacts to ensure software supply chain integrity. Patch or remediation status is not confirmed in the advisory, and no known exploits are reported in the wild.

Red Hat has issued a security advisory for podman, a tool managing pods, container images, and containers, addressing two denial of service vulnerabilities: CVE-2025-22869 in golang. org/x/crypto/ssh's key exchange and CVE-2025-27144 in Go JOSE's parsing. These vulnerabilities could allow denial of service conditions. The advisory rates the impact as Important (high severity). Updates are available for Red Hat Enterprise Linux 10 and related products to remediate these issues.

CVE-2024-9042 is a medium severity vulnerability affecting Red Hat OpenShift for Windows Containers, specifically the Windows Machine Config Operator component. This product enables deployment of Windows container workloads on Windows Server containers. The vulnerability is associated with CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and CWE-770 (Allocation of Resources Without Limits or Throttling). Red Hat has released the OpenShift for Windows Containers 10. 16. 2 product release addressing this issue. No known exploits are reported in the wild. The vendor advisory provides upgrade guidance and references for remediation.

Red Hat OpenShift Pipelines Operator version 1. 15. 4 addresses multiple security vulnerabilities identified under CVE-2024-24790 and related CVEs. The advisory references several CWEs including improper handling of certain conditions and resource management issues. No explicit fixes or patches are detailed in the advisory content. The vulnerabilities are rated with high severity but no CVSS score is provided. The advisory does not indicate any known exploits in the wild or specific affected regions.

Red Hat OpenShift Container Platform 4. 19. 0 includes security updates addressing four vulnerabilities in golang. org libraries. These issues involve an authorization bypass due to misuse of ServerConfig. PublicKeyCallback (CVE-2024-45337), non-linear parsing of case-insensitive content (CVE-2024-45338), unexpected memory consumption during token parsing (CVE-2025-22868), and a denial of service in the SSH key exchange (CVE-2025-22869). The update is rated as important by Red Hat Product Security. Users of OpenShift Container Platform 4. 19 are advised to upgrade to the updated packages and container images when available. Detailed upgrade instructions are provided by Red Hat.

Red Hat has released a security and bug fix update for OpenShift API for Data Protection (OADP) version 1. 4. 5 addressing multiple vulnerabilities in underlying Go libraries and components. These issues include authorization bypass, denial of service, request smuggling, argument injection, and excessive memory consumption. The update is rated as having an Important security impact by Red Hat Product Security. The vulnerabilities affect various architectures supported by OADP on RHEL 9. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all prior relevant errata are installed.

Red Hat OpenShift Container Platform 4. 19. 9 includes security updates addressing two vulnerabilities: a denial of service in the golang. org/x/crypto/ssh package (CVE-2025-22869) and a vulnerability related to log file creation in github. com/golang/glog (CVE-2024-45339). These issues affect the container images and packages used in OpenShift 4. 19 deployments. Red Hat rates the security impact as Important and advises all users to upgrade to the updated packages and images via the appropriate release channels. Detailed upgrade instructions are available from Red Hat's official documentation. No known exploits in the wild have been reported at this time.

Red Hat OpenShift for Windows Containers 10. 19. 0 includes security fixes addressing vulnerabilities identified as CVE-2025-22869 and CVE-2025-30204. These issues relate to Windows Server container workloads managed via OpenShift. The advisory details multiple bug fixes and improvements in the Windows Machine Config Operator and kubelet handling on Windows nodes. No known exploits are reported in the wild. The update is classified as important with a high severity level by Red Hat.