Threats Tagged 'cve-2025-30204'

Red Hat OpenShift Container Platform 4. 14. 54 includes important security updates addressing multiple vulnerabilities in underlying Golang libraries. These include issues such as non-linear parsing of case-insensitive content, unexpected memory consumption during token parsing, excessive memory allocation during JWT header parsing, and potential leakage of sensitive information to log files. The update is rated with an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4. 14 are advised to upgrade to the updated packages and container images via the appropriate release channels using the OpenShift CLI or web console.

This advisory concerns the Red Hat Trusted Artifact Signer (RHTAS) Operator versions compatible with OpenShift Container Platform 4. 14 through 4. 18. It references three CVEs (CVE-2025-22868, CVE-2025-22869, CVE-2025-30204) categorized as high severity. The advisory does not provide specific technical details about the vulnerabilities or fixes, and explicitly states that there are no fixes included in this release. The RHTAS Operator is a self-managed on-premise deployment of the Sigstore project used for cryptographic signing and verification of software artifacts to ensure software supply chain integrity. Patch or remediation status is not confirmed in the advisory, and no known exploits are reported in the wild.

Multiple security vulnerabilities affecting the Red Hat build of OpenTelemetry Collector have been addressed in an important security update. These include denial of service and memory exhaustion issues in several components such as go-jose, golang. org/x/oauth2/jws, github. com/expr-lang/expr, and golang-jwt/jwt. The vulnerabilities can lead to excessive memory consumption or denial of service conditions during parsing operations. Red Hat has released updated packages for Red Hat Enterprise Linux 10 and related variants to remediate these issues. Users of affected versions are advised to apply the provided updates to mitigate these vulnerabilities.

Red Hat issued a security advisory for Multicluster Engine for Kubernetes version 2. 4. 9 addressing two vulnerabilities related to excessive memory consumption during token and header parsing in third-party Go libraries (golang. org/x/oauth2/jws and golang-jwt/jwt). These issues could lead to unexpected memory usage but have been rated by Red Hat as having a low security impact. The advisory includes updated container images with fixes and provides installation guidance. No known exploits are reported in the wild. The update is classified as important but not critical.

Red Hat OpenShift Data Foundation 4. 15. 14 includes a bug fix update addressing multiple security vulnerabilities across various components such as serialize-javascript, body-parser, http-proxy-middleware, and others. These vulnerabilities include cross-site scripting (XSS), denial of service (DoS), prototype pollution, and URL validation issues. The update is classified as important and targets Red Hat OpenShift Data Foundation running on Red Hat Enterprise Linux 9 across multiple architectures. The advisory references 12 CVEs fixed in this release, including CVE-2024-11831. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all previous errata are applied.

Red Hat OpenShift Data Foundation 4. 15 has a security advisory addressing multiple vulnerabilities, including CVE-2024-34155 and related CVEs. The advisory includes security, enhancement, and bug fix updates for the product. The update addresses issues such as persistent pod restarts and other security concerns. The advisory was published by Red Hat Product Security and is classified as high severity. No CVSS score is provided for these vulnerabilities. The vendor advisory recommends applying this update after ensuring all previous errata have been applied.

Red Hat OpenShift Pipelines Operator version 1. 15. 4 addresses multiple security vulnerabilities identified under CVE-2024-24790 and related CVEs. The advisory references several CWEs including improper handling of certain conditions and resource management issues. No explicit fixes or patches are detailed in the advisory content. The vulnerabilities are rated with high severity but no CVSS score is provided. The advisory does not indicate any known exploits in the wild or specific affected regions.

Red Hat has released a security and bug fix update for OpenShift API for Data Protection (OADP) version 1. 4. 5 addressing multiple vulnerabilities in underlying Go libraries and components. These issues include authorization bypass, denial of service, request smuggling, argument injection, and excessive memory consumption. The update is rated as having an Important security impact by Red Hat Product Security. The vulnerabilities affect various architectures supported by OADP on RHEL 9. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all prior relevant errata are installed.

Red Hat has released an updated container image for Red Hat Ceph Storage 8. 1 that includes multiple security and bug fixes addressing several vulnerabilities. The update covers Red Hat Enterprise Linux versions 8. 10, 9. 5, and 9. 6 and fixes seven CVEs related to issues such as cache poisoning, parsing vulnerabilities, memory consumption, DOM clobbering, and request smuggling. Users of Red Hat Ceph Storage are advised to pull the updated container images from the Red Hat Ecosystem Catalog to apply these fixes. The advisory emphasizes ensuring all previously released errata are applied before updating. No known exploits in the wild have been reported for these vulnerabilities at this time.

Red Hat OpenShift for Windows Containers 10. 19. 0 includes security fixes addressing vulnerabilities identified as CVE-2025-22869 and CVE-2025-30204. These issues relate to Windows Server container workloads managed via OpenShift. The advisory details multiple bug fixes and improvements in the Windows Machine Config Operator and kubelet handling on Windows nodes. No known exploits are reported in the wild. The update is classified as important with a high severity level by Red Hat.