Threats Tagged 'cve-2025-64756'
View all threats tagged with 'cve-2025-64756'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.19.4
CVE-2025-6545 | 0
Red Hat OpenShift Pipelines Operator version 1.19.4 addresses multiple security issues identified in previous versions, including CVE-2025-6545 and related CVEs. The release fixes several bugs and vulnerabilities affecting pipeline execution, certificate handling, permission errors, and operator stability. These issues are categorized under CWE-20 (Improper Input Validation) and CWE-78 (OS Command Injection). The advisory does not provide a CVSS score but classifies the severity as high. No known exploits are reported in the wild. The patch status is indicated by the availability of the 1.19.4 release, which contains the fixes.
GCVE Database | 12/09/2025, 10:09:13 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6
CVE-2025-12816 | 0
Red Hat OpenShift Service Mesh 2.6 includes Kiali 1.73.25, which addresses multiple security vulnerabilities. These include an unbounded recursion issue in node-forge's ASN.1 processing (CVE-2025-66031) and a command injection vulnerability in the glob CLI via the -c/--cmd option (CVE-2025-64756). These vulnerabilities could potentially be exploited to cause denial of service or arbitrary command execution. The advisory does not explicitly state that a patch is available but references Kiali 1.73.25 as the fixed version.
GCVE Database | 12/09/2025, 14:58:58 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1
CVE-2025-12816 | 0
Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.5 addresses multiple security vulnerabilities including an unbounded recursion issue in node-forge ASN.1 processing (CVE-2025-66031) and a command injection vulnerability in the glob CLI via the -c/--cmd option (CVE-2025-64756). These vulnerabilities could potentially allow attackers to cause denial of service or execute arbitrary commands. The update to Kiali 2.11.5 includes fixes for these issues. The vendor advisory classifies the security impact as Moderate and does not indicate known exploits in the wild.
GCVE Database | 12/09/2025, 14:59:35 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
CVE-2025-12816 | 0
Red Hat OpenShift Service Mesh 3.2 includes Kiali 2.17.2, which addresses multiple security vulnerabilities. These include an unbounded recursion issue in the node-forge ASN.1 parser (CVE-2025-66031) and a command injection vulnerability in the glob CLI when using the -c/--cmd option with shell:true (CVE-2025-64756). These vulnerabilities are rated as high severity and could impact the security of the service mesh observability component. The advisory does not explicitly state that a patch is available but references Kiali 2.17.2 as the fixed version.
GCVE Database | 12/09/2025, 15:24:58 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0
CVE-2025-12816 | 0
Red Hat has issued a security advisory for Kiali 2.4.11 used in Red Hat OpenShift Service Mesh 3.0 addressing multiple vulnerabilities. These include an unbounded recursion issue in the node-forge ASN.1 parser (CVE-2025-66031) and a command injection vulnerability in the glob CLI via the -c/--cmd option (CVE-2025-64756). The vulnerabilities affect the kiali-ossmc-rhel9 and kiali-rhel9 components. The advisory classifies the severity as high but does not provide a CVSS score or explicit patch details. No known exploits in the wild have been reported. The advisory references updated documentation for Kiali 2.
GCVE Database | 12/09/2025, 14:59:02 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release
CVE-2025-64756 | 0
This advisory concerns the Red Hat Trusted Artifact Signer (RHTAS) Operator versions compatible with OpenShift Container Platform 4.15 through 4.19. It references multiple CVEs including CVE-2025-64756 and others, indicating several vulnerabilities related to this product. The advisory does not provide details on specific fixes or patches for these vulnerabilities. RHTAS is a self-managed on-premise deployment of the Sigstore project used to cryptographically sign and verify software artifacts to ensure supply chain integrity. No known exploits in the wild have been reported. The vendor advisory does not explicitly state that a patch or fix is available for these vulnerabilities.
GCVE Database | 02/18/2026, 12:44:08 UTC | Added: 05/26/2026, 20:58:26 UTC

Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
CVE-2025-61729 | 0
The Red Hat Trusted Artifact Signer (RHTAS) Operator version 1.3.2 is associated with multiple security vulnerabilities identified by CVE-2025-61729 and 11 additional CVEs. It is designed for use with OpenShift Container Platform versions 4.16 through 4.20 and facilitates cryptographic signing and verification of software artifacts. The advisory does not specify any fixes or patches for these vulnerabilities. The product is a self-managed on-premise deployment of the Sigstore project, aimed at ensuring software supply chain integrity. No known exploits are reported in the wild at this time.
GCVE Database | 02/05/2026, 15:45:43 UTC | Added: 05/26/2026, 20:58:25 UTC

Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.
CVE-2025-12816 | 0
Red Hat Developer Hub (RHDH) version 1.7.4 addresses multiple security vulnerabilities identified under CVE-2025-12816 and related CVEs. RHDH is an enterprise-grade, self-managed developer portal based on Backstage.io, supporting Kubernetes clusters such as OpenShift, AKS, EKS, and GKE. The advisory indicates the release of RHDH 1.7.4 as a security update but does not specify individual vulnerability details or exploitation methods. No known exploits are reported in the wild. Patch status is not explicitly confirmed in the advisory, and no direct fixes are listed, suggesting users should consult the vendor advisory for current remediation guidance.
GCVE Database | 01/07/2026, 18:34:52 UTC | Added: 05/26/2026, 20:58:24 UTC

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
CVE-2024-5642 | 0
CVE-2024-5642 concerns Red Hat Discovery, a tool that inspects and reports environment data such as system counts, operating systems, and configuration details within a network. The advisory identifies this as a high-severity vulnerability affecting multiple Red Hat Discovery versions and related products. The vendor advisory does not indicate any available patches or fixes at this time. No known exploits are reported in the wild. The vulnerability is part of a broader advisory covering multiple CVEs related to Red Hat Discovery and subscription management tools.
GCVE Database | 01/08/2026, 22:34:17 UTC | Added: 05/26/2026, 20:58:24 UTC

Red Hat Security Advisory: Red Hat Developer Hub 1.8.2 release.
CVE-2025-15284 | 0
Red Hat Developer Hub (RHDH) version 1.8.2 addresses multiple security vulnerabilities identified by CVE-2025-15284, CVE-2025-64756, and CVE-2025-65945. RHDH is an enterprise-grade, self-managed developer portal based on Backstage.io, supporting Kubernetes clusters such as OpenShift, AKS, EKS, and GKE. The advisory notes these vulnerabilities but does not provide details on fixes or patches in the published advisory. No known exploits are reported in the wild. The vulnerabilities relate to issues categorized under CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-78 (OS Command Injection), and CWE-347 (Improper Verification of Cryptographic Signature).
GCVE Database | 01/13/2026, 21:28:08 UTC | Added: 05/26/2026, 20:58:24 UTC

Showing 1 to 10 of 15 results