Threats Tagged 'cve-2025-9288'

Red Hat Advanced Cluster Management for Kubernetes version 2. 13. 5 includes a security update addressing multiple vulnerabilities identified by CVE-2025-7195 and related CVEs. The update provides new features, enhancements, bug fixes, and updated container images. The advisory highlights fixes for issues such as operator installation UI problems, pod crashes, race conditions in metric collection, and other stability and security improvements. No known exploits are reported in the wild. The update is classified as a moderate security advisory by Red Hat with a high severity rating in this report. Patch status is not explicitly confirmed in the advisory content, but updated container images are provided, indicating remediation is available through updating to the 2. 13. 5 release.

Red Hat OpenShift Pipelines Operator version 1. 15. 4 addresses multiple security vulnerabilities identified by CVE-2024-37890 and ten additional CVEs. This release fixes issues including inconsistent ResourceIcon colors for CRDs and other security concerns affecting the OpenShift Pipelines CI/CD platform. The advisory indicates the release is an important security update but does not provide detailed technical exploit information or CVSS scores.

Red Hat OpenShift Pipelines Operator version 1. 19. 4 addresses multiple security issues identified in previous versions, including CVE-2025-6545 and related CVEs. The release fixes several bugs and vulnerabilities affecting pipeline execution, certificate handling, permission errors, and operator stability. These issues are categorized under CWE-20 (Improper Input Validation) and CWE-78 (OS Command Injection). The advisory does not provide a CVSS score but classifies the severity as high. No known exploits are reported in the wild. The patch status is indicated by the availability of the 1. 19. 4 release, which contains the fixes.

Red Hat Advanced Cluster Management for Kubernetes version 2. 13. 5 includes a security update addressing multiple vulnerabilities. The update provides new features, enhancements, bug fixes, and updated container images. The advisory references seven CVEs, including CVE-2025-7195 and others, affecting the product. No known exploits in the wild have been reported. The update is classified as high severity. The vendor advisory does not explicitly state the patch availability status but provides updated container images as part of the release. Users are advised to apply this update after ensuring previous relevant errata are applied.

Red Hat OpenShift Pipelines Operator version 1. 15. 3 addresses multiple security vulnerabilities identified under CVE-2024-37890 and ten additional CVEs. This release fixes issues related to resource icon color consistency and other unspecified vulnerabilities affecting the OpenShift Pipelines CI/CD solution. The advisory does not provide detailed technical exploit information or confirm active exploitation in the wild. The vulnerabilities are rated as high severity by Red Hat Product Security. No CVSS score is provided for these vulnerabilities.

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CriticalVulnerabilityGermanyFranceUnited Kingdom+4#cve#cve-2025-9288#cwe-20