
Threats Tagged 'cve-2025-62718'

View all threats tagged with 'cve-2025-62718'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: Red Hat Developer Hub 1.9.4 release.
CVE-2025-62718

Red Hat Developer Hub (RHDH) version 1.9.4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage.io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1.9.4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.

Red Hat Security Advisory: Network Observability 1.11.2 for OpenShift
CVE-2025-62718

Multiple security vulnerabilities have been identified in Red Hat's Network Observability 1.11.2 for OpenShift, a network flows collector and monitoring solution. The advisory references 13 CVEs including CVE-2025-62718 and others, with a high severity rating. No known exploits are reported in the wild. The vendor advisory does not explicitly state that a fix is available and does not list any patches. The advisory provides guidance on applying updates but does not confirm remediation status. The product is not a cloud service, so remediation depends on user action. The vulnerabilities involve a range of CWEs indicating issues such as improper input validation and potential code execution risks. No specific affected countries are identified.

Red Hat Security Advisory: RHACS 4.9.7 security and bug fix update
CVE-2025-62718

Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4.9.7 includes multiple security and bug fixes addressing a set of vulnerabilities identified by CVE-2025-62718 and nine additional CVEs. The advisory highlights an important security update that resolves inconsistencies in CVE severity and fixes several security issues across components. Users of earlier RHACS versions are advised to upgrade to 4.9.7 to benefit from these patches. No known exploits in the wild have been reported for these vulnerabilities at this time.

Red Hat Security Advisory: Streams for Apache Kafka 3.2.0 release and security update
CVE-2024-29371

Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat Streams for Apache Kafka 3.2.0 serves as a replacement for Red Hat Streams for Apache Kafka 3.1.0, and includes security and bug fixes, and enhancements.

Security Fix(es):

* Drain Cleaner, Kafka Exporter - Eclipse Vert.x Web static handler file access denial [amq-st-3.2] (CVE-2026-1002)
* Drain Cleaner, Kroxylicious - Netty denial of service [amqst-3.2] (CVE-2026-33871)
* Drain Cleaner, Kroxylicious - Netty request smuggling attacks [amqst-3.2] (CVE-2026-33870)
* Cruise Control - jose4j denial of service [amqst-3.2] (CVE-2024-29371)
* Kafka Exporter - golang-github-danielqsj-kafka_exporter: Memory exhaustion in query parameter parsing in net/url [amq-st-3.2] (CVE-2025-61726)
* Kafka Exporter - golang-github-danielqsj-kafka_exporter: golang: Denial of Service due to excessive resource consumption via crafted certificate [amq-st-3.2] (CVE-2025-61729)
* Kafka Exporter - golang-github-danielqsj-kafka_exporter: Unexpected session resumption in crypto/tls [amqst-3.2] (CVE-2025-68121)
* console UI - Next.js Server-Side Request Forgery in Server Actions [amqst-3.2] (CVE-2024-34351)
* console UI - com.github.streamshub-console: Next.js: Unbounded next/image disk cache growth can exhaust storage [amqst-3.2] (CVE-2026-27980)
* console UI - Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [amqst-3.2] (CVE-2025-62718)
* console UI - React Server Components: Denial of Service via specially crafted HTTP requests [amqst-3.2] (CVE-2026-23864)
* console UI - Axios: Remote Code Execution via Prototype Pollution escalation [amqst-3.2] (CVE-2026-40175)
* console UI - lodash: Arbitrary code execution via untrusted input in template imports [amqst-3.2] (CVE-2026-4800)

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
CVE-2025-62718

Red Hat Discovery is a tool used to inspect and report environment data such as system counts, operating systems, and configuration details within a network. The advisory references multiple CVEs including CVE-2025-62718 affecting Red Hat Discovery and related products. The vendor advisory does not indicate any available fixes or patches for these vulnerabilities as of the publication date. No known exploits are reported in the wild. The severity is assessed as high based on the advisory metadata, but detailed impact specifics are not provided. The advisory suggests installing containers via discovery-installer RPM but does not explicitly state this as a remediation for the vulnerabilities. No geographic targeting is indicated. Patch status is not confirmed; users should consult the official Red Hat advisory for updates.

Red Hat Security Advisory: OpenShift Container Platform 4.20.16 packages and security update
CVE-2025-61728

Red Hat OpenShift Dev Spaces 3.27.1 is a cloud developer workspace server and browser-based IDE designed for container-based development on OpenShift. The 3.27 release introduces support for devfile v2.1 and v2.2 standards, urging users to migrate from the deprecated v1 standard. This advisory references multiple CVEs, including CVE-2025-61728, indicating a collection of vulnerabilities affecting this product version. No specific fixes or patches are detailed in the advisory, and users are encouraged to update to supported OpenShift releases (v4.16 and higher) to continue receiving updates.

Red Hat Security Advisory: RHOAI 2.25.5 - Red Hat OpenShift AI
CVE-2025-6242

Red Hat OpenShift AI version 3.3.3 addresses multiple critical security vulnerabilities identified by CVE-2025-6242 and 45 additional CVEs. The advisory announces updated container images for Red Hat OpenShift AI to mitigate these issues. No specific technical details or fixes for individual CVEs are provided in the advisory content. There are no known exploits in the wild at the time of publication. The vendor has released updated images and documentation to guide users on upgrading their clusters to apply the errata update. Patch status is not explicitly confirmed in the advisory, and no direct patch links are provided. Users should consult the official Red Hat documentation for upgrade instructions and remediation details. The vulnerabilities collectively are rated critical in severity.

Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update
CVE-2025-62718

Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.9 addresses multiple critical security vulnerabilities affecting various third-party libraries and components. These include server-side request forgery and proxy bypass, denial of service, prototype pollution leading to remote code execution, authorization bypass, and arbitrary code execution. The advisory covers eight CVEs impacting dependencies such as Axios, lodash, gRPC-Go, Immutable.js, SVGO, Go JOSE, and net/url parsing. Red Hat has released this updated Kiali version to remediate these issues. No known exploits in the wild have been reported at this time.


Showing 1 to 8 of 8 results
