Vulnerability-Lookup

CVE-2025-66031 (GCVE-0-2025-66031)

Vulnerability from cvelistv5 – Published: 2025-11-26 22:23 – Updated: 2025-11-28 18:27

Title

node-forge ASN.1 Unbounded Recursion

Summary

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/digitalbazaar/forge/security/a…	x_refsource_CONFIRM
https://github.com/digitalbazaar/forge/commit/260…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
digitalbazaar	forge	Affected: < 1.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T18:26:11.800439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T18:27:06.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "forge",
          "vendor": "digitalbazaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-26T22:23:26.013Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        },
        {
          "name": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        }
      ],
      "source": {
        "advisory": "GHSA-554w-wpv2-vw27",
        "discovery": "UNKNOWN"
      },
      "title": "node-forge ASN.1 Unbounded Recursion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66031",
    "datePublished": "2025-11-26T22:23:26.013Z",
    "dateReserved": "2025-11-21T01:08:02.614Z",
    "dateUpdated": "2025-11-28T18:27:06.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-66031",
      "date": "2026-06-03",
      "epss": "0.00056",
      "percentile": "0.1787"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-66031\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-26T23:15:49.397\",\"lastModified\":\"2025-12-06T00:22:18.840\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"FCE34820-051A-4D02-AB4B-DB03886D53CF\"}]}]}],\"references\":[{\"url\":\"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66031\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-28T18:26:11.800439Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-28T18:26:46.170Z\"}}], \"cna\": {\"title\": \"node-forge ASN.1 Unbounded Recursion\", \"source\": {\"advisory\": \"GHSA-554w-wpv2-vw27\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"digitalbazaar\", \"product\": \"forge\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.3.2\"}]}], \"references\": [{\"url\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\", \"name\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\", \"name\": \"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-26T22:23:26.013Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-66031\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-28T18:27:06.242Z\", \"dateReserved\": \"2025-11-21T01:08:02.614Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-26T22:23:26.013Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

MSRC_CVE-2025-66031

Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-12-04 14:36

Summary

node-forge ASN.1 Unbounded Recursion

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2025-66031

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 20124-17086		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17086-1		—	Vendor Fix fix

Known not affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-2		—

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2025/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2025/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-66031 node-forge ASN.1 Unbounded Recursion - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66031.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "node-forge ASN.1 Unbounded Recursion",
    "tracking": {
      "current_release_date": "2025-12-04T14:36:01.000Z",
      "generator": {
        "date": "2025-12-04T20:04:19.042Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-66031",
      "initial_release_date": "2025-11-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-11-29T01:03:13.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-12-02T01:35:26.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2025-12-04T14:36:01.000Z",
          "legacy_version": "3",
          "number": "3",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 reaper 3.1.1-19",
                "product": {
                  "name": "\u003ccbl2 reaper 3.1.1-19",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 reaper 3.1.1-19",
                "product": {
                  "name": "cbl2 reaper 3.1.1-19",
                  "product_id": "20124"
                }
              }
            ],
            "category": "product_name",
            "name": "reaper"
          },
          {
            "category": "product_name",
            "name": "azl3 python-tensorboard 2.16.2-6",
            "product": {
              "name": "azl3 python-tensorboard 2.16.2-6",
              "product_id": "2"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
          "product_id": "20124-17086"
        },
        "product_reference": "20124",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-2"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20124-17086"
        ],
        "known_affected": [
          "17086-1"
        ],
        "known_not_affected": [
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66031 node-forge ASN.1 Unbounded Recursion - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66031.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-29T01:03:13.000Z",
          "details": "3.1.1-21:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

NCSC-2026-0079

Vulnerability from csaf_ncscnl - Published: 2026-03-10 12:39 - Updated: 2026-03-10 12:39

Summary

Kwetsbaarheden verholpen in Siemens producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Heliox, Ruggedcom, SICAM, SIDIS en SIMATIC.

Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipulatie van gegevens - Omzeilen van een beveiligingsmaatregel - (Remote) code execution (root/admin rechten) - Toegang tot systeemgegevens - Verhogen van rechten Voor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende toegang hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23: Relative Path Traversal

CWE-73: External Control of File Name or Path

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-121: Stack-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-134: Use of Externally-Controlled Format String

CWE-179: Incorrect Behavior Order: Early Validation

CWE-184: Incomplete List of Disallowed Inputs

CWE-190: Integer Overflow or Wraparound

CWE-197: Numeric Truncation Error

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-203: Observable Discrepancy

CWE-208: Observable Timing Discrepancy

CWE-284: Improper Access Control

CWE-288: Authentication Bypass Using an Alternate Path or Channel

CWE-295: Improper Certificate Validation

CWE-330: Use of Insufficiently Random Values

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-436: Interpretation Conflict

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CWE-937: CWE-937

CWE-940: Improper Verification of Source of a Communication Channel

CWE-1035: CWE-1035

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1333: Inefficient Regular Expression Complexity

CVE-2024-29857

Multiple vulnerabilities across Oracle products, including Utilities Application Framework, Fusion Middleware, and WebLogic Server, allow unauthenticated attackers to execute denial of service attacks, with CVSS scores of 7.5 and varying damage ratings.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2024-30171

Multiple vulnerabilities across Oracle Utilities, WebLogic Server, and Bouncy Castle libraries allow for denial of service attacks and sensitive data leakage through timing side-channel exploits.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-208 - Observable Timing Discrepancy

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2024-30172

Multiple vulnerabilities across Oracle Utilities Application Framework, WebLogic Server, and Business Intelligence Enterprise Edition, as well as Bouncy Castle libraries, allow unauthenticated attackers to induce denial of service, with CVSS scores of 7.5 for Oracle products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2024-41996

A vulnerability in the Diffie-Hellman Key Agreement Protocol in OpenSSL allows remote attackers to cause excessive server-side computational load by exploiting public key order validation with approved safe primes, addressed in updates fixing CVE-2023-50782 and CVE-2024-41996.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-6965

Critical vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository and Oracle Siebel CRM Cloud Applications allow unauthenticated attackers full system compromise, while multiple SQLite-related flaws affect various products including NetApp and Apple software, causing memory corruption and integer truncation issues.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-197 - Numeric Truncation Error

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-7783

The form-data library's use of predictable random number generation for boundary values poses security risks, while vulnerabilities in HPE products allow for Remote Code Execution and Local Authentication Bypass.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-330 - Use of Insufficiently Random Values

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-9230

Multiple OpenSSL versions have an out-of-bounds read/write vulnerability in RFC 3211 KEK unwrap related to password-based CMS decryption, with moderate severity due to low exploit likelihood, affecting products including NetApp, Oracle, and SAP components.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-9232

A low-severity out-of-bounds read vulnerability in OpenSSL HTTP client API occurs when the 'no_proxy' environment variable is set and the HTTP URL contains an IPv6 address, causing denial of service via application crash in multiple products including Oracle PeopleSoft and NetApp devices.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-9670

A security vulnerability in mixmark-io turndown up to version 7.2.1 allows remote attackers to exploit inefficient regular expression complexity in src/commonmark-rules.js, with a public exploit available.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-12816

This update addresses multiple golang exporter upgrades, fixes critical CVE-2025-12816 in Prometheus related to ASN.1 validation bypass in node-forge ≤1.3.1, and includes various bug fixes and optimizations across components like grafana, spacecmd, and uyuni-tools.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-436 - Interpretation Conflict

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-15284

The qs library's `arrayLimit` option fails to enforce limits on bracket notation arrays, enabling denial-of-service attacks via memory exhaustion by parsing large arrays from user input.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-27769

Affected devices exhibit improper access control, enabling attackers to potentially access unauthorized services via the charging cable interface.

2.6 (Low)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-40943

Certain devices contain a vulnerability where trace files are insufficiently sanitized, enabling attackers to execute code by deceiving users into importing malicious trace files.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-55018

An HTTP request smuggling vulnerability in Fortinet FortiOS allows unauthenticated attackers to bypass firewall policies by sending specially crafted headers, potentially compromising security.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-58751

Certain Vite applications allowed files in the public directory to be served without following `server.fs` settings, particularly when exposed to the network, with specific versions addressing this issue.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-58752

Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20 contained a low-severity vulnerability allowing unauthorized access to HTML files outside configured directories via path traversal when the dev or preview server was exposed and appType was 'spa' or 'mpa'.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-58754

Axios is vulnerable to denial of service attacks due to unbounded memory allocation for `data:` URIs in versions prior to 0.30.2 and 1.12.0, with additional security issues noted in HPE and Oracle products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-62439

A vulnerability in Fortinet FortiOS versions 7.0 through 7.6.4, specifically in the FSSO Terminal Services Agent, allows an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests due to improper verification of the communication channel source.

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-940 - Improper Verification of Source of a Communication Channel

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-62522

Vite versions from 2.9.18 to 7.1.11 had a vulnerability on Windows allowing access to files denied by `server.fs.deny` if the URL ended with `\\`, which has been patched in later releases.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-64157

Fortinet FortiOS versions 7.0 through 7.6.4, including FortiGate devices, contain a CWE-134 externally-controlled format string vulnerability that allows an authenticated admin to execute unauthorized code or commands via crafted configurations.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-134 - Use of Externally-Controlled Format String

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-64718

Multiple vulnerabilities have been identified in js-yaml, Oracle Communications Unified Assurance, and HPE Telco software, allowing for prototype pollution and unauthorized access, with varying severity and available patches.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-64756

The glob CLI has a command injection vulnerability in its `-c/--cmd` option, allowing arbitrary command execution through malicious filenames, which has been patched in versions 10.5.0 and 11.1.0.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-66030

An Integer Overflow vulnerability in node-forge versions up to 1.3.1 allows remote attackers to craft ASN.1 OIDs with oversized arcs that bypass security controls via 32-bit truncation, fixed in version 1.3.2.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-66031

An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below allows remote attackers to exploit ASN.1 structures, leading to Denial-of-Service via stack exhaustion during TLS connections or certificate parsing.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-66035

The document outlines a vulnerability in Angular's HttpClient that allows unauthorized disclosure of the XSRF token due to improper handling of protocol-relative URLs, affecting versions prior to 19.2.16, 20.3.14, and 21.0.1.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-66412

A Stored Cross-Site Scripting vulnerability in Angular Template Compiler prior to versions 21.0.2, 20.3.15, and 19.2.17 allows attackers to inject malicious scripts via improperly validated URL attributes and SVG elements.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2025-69277

Libsodium versions prior to ad3004e contain vulnerabilities in the crypto_core_ed25519_is_valid_point function that cause improper validation of elliptic curve points, potentially allowing security bypasses in custom cryptographic scenarios.

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-184 - Incomplete List of Disallowed Inputs

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-22610

A Cross-Site Scripting (XSS) vulnerability in the Angular Template Compiler allows for arbitrary JavaScript execution via improperly sanitized SVG `<script>` attributes, affecting several Red Hat products with a moderate severity rating.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-24858

Multiple Fortinet products including FortiAnalyzer, FortiManager, FortiOS, and FortiProxy have an authentication bypass vulnerability exploitable via FortiCloud SSO, allowing attackers with FortiCloud credentials to access other users' devices.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25569

An out-of-bounds write vulnerability in the SICAM SIAPP SDK could allow attackers to cause denial of service or execute arbitrary code, posing significant security risks.

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25570

The SICAM SIAPP SDK contains a vulnerability caused by insufficient input validation, which may result in stack overflow, enabling potential code execution and denial of service attacks.

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25571

The SICAM SIAPP SDK client component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25572

The SICAM SIAPP SDK server component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25573

The application executes shell commands constructed from user input, exposing it to command injection vulnerabilities that can lead to full system compromise.

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-73 - External Control of File Name or Path

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

CVE-2026-25605

The application fails to properly validate file paths during deletion, enabling attackers to delete authorized files or sockets, potentially causing service disruption or denial of service.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-73 - External Control of File Name or Path

Affected products

Known affected 126 products

Product	Identifier	Version	Remediation
vers:unknown/* Siemens / Heliox Flex 180 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / Heliox Mobile DC 40 kW EV Charging Station		vers:unknown/*
vers:unknown/* Siemens / RUGGEDCOM APE1808		vers:unknown/*
vers:unknown/* Siemens / SICAM SIAPP SDK		vers:unknown/*
vers:unknown/* Siemens / SIDIS Prime		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V4		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V2		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 Software Controller Linux V3		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		vers:unknown/*
vers:unknown/* Siemens / SIMATIC S7-PLCSIM Advanced		vers:unknown/*

References

40 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Heliox, Ruggedcom, SICAM, SIDIS en SIMATIC.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Verhogen van rechten\n\nVoor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende toegang hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "External Control of File Name or Path",
        "title": "CWE-73"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Use of Externally-Controlled Format String",
        "title": "CWE-134"
      },
      {
        "category": "general",
        "text": "Incorrect Behavior Order: Early Validation",
        "title": "CWE-179"
      },
      {
        "category": "general",
        "text": "Incomplete List of Disallowed Inputs",
        "title": "CWE-184"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Numeric Truncation Error",
        "title": "CWE-197"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Observable Timing Discrepancy",
        "title": "CWE-208"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Authentication Bypass Using an Alternate Path or Channel",
        "title": "CWE-288"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Use of Insufficiently Random Values",
        "title": "CWE-330"
      },
      {
        "category": "general",
        "text": "Exposure of Private Personal Information to an Unauthorized Actor",
        "title": "CWE-359"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Interpretation Conflict",
        "title": "CWE-436"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Communication Channel to Intended Endpoints",
        "title": "CWE-923"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "Improper Verification of Source of a Communication Channel",
        "title": "CWE-940"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-126399.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-452276.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-903736.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Siemens producten",
    "tracking": {
      "current_release_date": "2026-03-10T12:39:14.474522Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0079",
      "initial_release_date": "2026-03-10T12:39:14.474522Z",
      "revision_history": [
        {
          "date": "2026-03-10T12:39:14.474522Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Heliox Flex 180 kW EV Charging Station"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Heliox Mobile DC 40 kW EV Charging Station"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "SICAM SIAPP SDK"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIDIS Prime"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-37"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-38"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-39"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-40"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-41"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-42"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-43"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-44"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-45"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-46"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-47"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-48"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-49"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-50"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-51"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-52"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-53"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-54"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-55"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-56"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-57"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-58"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-59"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-60"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-61"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-62"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-63"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-64"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-65"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-66"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-67"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-68"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-69"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-70"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-71"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-72"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-73"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-74"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-75"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-76"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-77"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-78"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-79"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-80"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-81"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-82"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-83"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-84"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-85"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-86"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-87"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-88"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-89"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-90"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-91"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-92"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-93"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-94"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-95"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-96"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-97"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-98"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-99"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-100"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-101"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-102"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-103"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-104"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-105"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-106"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-107"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-108"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-109"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S F V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-110"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S F V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-111"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S F V4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-112"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-113"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-114"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1507S V4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-115"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S F V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-116"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S F V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-117"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S F V4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-118"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S T V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-119"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S TF V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-120"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-121"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-122"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller CPU 1508S V4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-123"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller Linux V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-124"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller Linux V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-125"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-126"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-PLCSIM Advanced"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-29857",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle products, including Utilities Application Framework, Fusion Middleware, and WebLogic Server, allow unauthenticated attackers to execute denial of service attacks, with CVSS scores of 7.5 and varying damage ratings.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29857 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-29857.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-30171",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        },
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Utilities, WebLogic Server, and Bouncy Castle libraries allow for denial of service attacks and sensitive data leakage through timing side-channel exploits.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-30171 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-30171.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2024-30171"
    },
    {
      "cve": "CVE-2024-30172",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Utilities Application Framework, WebLogic Server, and Business Intelligence Enterprise Edition, as well as Bouncy Castle libraries, allow unauthenticated attackers to induce denial of service, with CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-30172 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-30172.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2024-30172"
    },
    {
      "cve": "CVE-2024-41996",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Diffie-Hellman Key Agreement Protocol in OpenSSL allows remote attackers to cause excessive server-side computational load by exploiting public key order validation with approved safe primes, addressed in updates fixing CVE-2023-50782 and CVE-2024-41996.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41996 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41996.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2024-41996"
    },
    {
      "cve": "CVE-2025-6965",
      "cwe": {
        "id": "CWE-197",
        "name": "Numeric Truncation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Numeric Truncation Error",
          "title": "CWE-197"
        },
        {
          "category": "description",
          "text": "Critical vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository and Oracle Siebel CRM Cloud Applications allow unauthenticated attackers full system compromise, while multiple SQLite-related flaws affect various products including NetApp and Apple software, causing memory corruption and integer truncation issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-6965 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-7783",
      "cwe": {
        "id": "CWE-330",
        "name": "Use of Insufficiently Random Values"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Insufficiently Random Values",
          "title": "CWE-330"
        },
        {
          "category": "description",
          "text": "The form-data library\u0027s use of predictable random number generation for boundary values poses security risks, while vulnerabilities in HPE products allow for Remote Code Execution and Local Authentication Bypass.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7783 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7783.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-7783"
    },
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Multiple OpenSSL versions have an out-of-bounds read/write vulnerability in RFC 3211 KEK unwrap related to password-based CMS decryption, with moderate severity due to low exploit likelihood, affecting products including NetApp, Oracle, and SAP components.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9230 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-9230"
    },
    {
      "cve": "CVE-2025-9232",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "A low-severity out-of-bounds read vulnerability in OpenSSL HTTP client API occurs when the \u0027no_proxy\u0027 environment variable is set and the HTTP URL contains an IPv6 address, causing denial of service via application crash in multiple products including Oracle PeopleSoft and NetApp devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9232 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9232.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-9232"
    },
    {
      "cve": "CVE-2025-9670",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "A security vulnerability in mixmark-io turndown up to version 7.2.1 allows remote attackers to exploit inefficient regular expression complexity in src/commonmark-rules.js, with a public exploit available.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9670 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9670.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-9670"
    },
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-436",
        "name": "Interpretation Conflict"
      },
      "notes": [
        {
          "category": "other",
          "text": "Interpretation Conflict",
          "title": "CWE-436"
        },
        {
          "category": "other",
          "text": "Incorrect Behavior Order: Early Validation",
          "title": "CWE-179"
        },
        {
          "category": "description",
          "text": "This update addresses multiple golang exporter upgrades, fixes critical CVE-2025-12816 in Prometheus related to ASN.1 validation bypass in node-forge \u22641.3.1, and includes various bug fixes and optimizations across components like grafana, spacecmd, and uyuni-tools.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-12816 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-12816"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "The qs library\u0027s `arrayLimit` option fails to enforce limits on bracket notation arrays, enabling denial-of-service attacks via memory exhaustion by parsing large arrays from user input.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-15284 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15284.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-15284"
    },
    {
      "cve": "CVE-2025-27769",
      "cwe": {
        "id": "CWE-923",
        "name": "Improper Restriction of Communication Channel to Intended Endpoints"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Communication Channel to Intended Endpoints",
          "title": "CWE-923"
        },
        {
          "category": "description",
          "text": "Affected devices exhibit improper access control, enabling attackers to potentially access unauthorized services via the charging cable interface.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27769 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27769.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-27769"
    },
    {
      "cve": "CVE-2025-40943",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Certain devices contain a vulnerability where trace files are insufficiently sanitized, enabling attackers to execute code by deceiving users into importing malicious trace files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-40943 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40943.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-40943"
    },
    {
      "cve": "CVE-2025-55018",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "description",
          "text": "An HTTP request smuggling vulnerability in Fortinet FortiOS allows unauthenticated attackers to bypass firewall policies by sending specially crafted headers, potentially compromising security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55018 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55018.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-55018"
    },
    {
      "cve": "CVE-2025-58751",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Certain Vite applications allowed files in the public directory to be served without following `server.fs` settings, particularly when exposed to the network, with specific versions addressing this issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58751 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58751.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-58751"
    },
    {
      "cve": "CVE-2025-58752",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20 contained a low-severity vulnerability allowing unauthorized access to HTML files outside configured directories via path traversal when the dev or preview server was exposed and appType was \u0027spa\u0027 or \u0027mpa\u0027.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58752 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58752.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-58752"
    },
    {
      "cve": "CVE-2025-58754",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Axios is vulnerable to denial of service attacks due to unbounded memory allocation for `data:` URIs in versions prior to 0.30.2 and 1.12.0, with additional security issues noted in HPE and Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58754 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58754.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-58754"
    },
    {
      "cve": "CVE-2025-62439",
      "cwe": {
        "id": "CWE-940",
        "name": "Improper Verification of Source of a Communication Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Source of a Communication Channel",
          "title": "CWE-940"
        },
        {
          "category": "description",
          "text": "A vulnerability in Fortinet FortiOS versions 7.0 through 7.6.4, specifically in the FSSO Terminal Services Agent, allows an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests due to improper verification of the communication channel source.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62439 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62439.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-62439"
    },
    {
      "cve": "CVE-2025-62522",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Vite versions from 2.9.18 to 7.1.11 had a vulnerability on Windows allowing access to files denied by `server.fs.deny` if the URL ended with `\\\\`, which has been patched in later releases.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62522 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62522.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-62522"
    },
    {
      "cve": "CVE-2025-64157",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Externally-Controlled Format String",
          "title": "CWE-134"
        },
        {
          "category": "description",
          "text": "Fortinet FortiOS versions 7.0 through 7.6.4, including FortiGate devices, contain a CWE-134 externally-controlled format string vulnerability that allows an authenticated admin to execute unauthorized code or commands via crafted configurations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64157 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64157.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-64157"
    },
    {
      "cve": "CVE-2025-64718",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in js-yaml, Oracle Communications Unified Assurance, and HPE Telco software, allowing for prototype pollution and unauthorized access, with varying severity and available patches.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64718 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-64718"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "description",
          "text": "The glob CLI has a command injection vulnerability in its `-c/--cmd` option, allowing arbitrary command execution through malicious filenames, which has been patched in versions 10.5.0 and 11.1.0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64756 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64756.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-64756"
    },
    {
      "cve": "CVE-2025-66030",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "An Integer Overflow vulnerability in node-forge versions up to 1.3.1 allows remote attackers to craft ASN.1 OIDs with oversized arcs that bypass security controls via 32-bit truncation, fixed in version 1.3.2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66030 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66030.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-66030"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below allows remote attackers to exploit ASN.1 structures, leading to Denial-of-Service via stack exhaustion during TLS connections or certificate parsing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66031 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66031.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-66031"
    },
    {
      "cve": "CVE-2025-66035",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "other",
          "text": "Exposure of Private Personal Information to an Unauthorized Actor",
          "title": "CWE-359"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "The document outlines a vulnerability in Angular\u0027s HttpClient that allows unauthorized disclosure of the XSRF token due to improper handling of protocol-relative URLs, affecting versions prior to 19.2.16, 20.3.14, and 21.0.1.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66035 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66035.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-66035"
    },
    {
      "cve": "CVE-2025-66412",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "A Stored Cross-Site Scripting vulnerability in Angular Template Compiler prior to versions 21.0.2, 20.3.15, and 19.2.17 allows attackers to inject malicious scripts via improperly validated URL attributes and SVG elements.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66412 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66412.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-66412"
    },
    {
      "cve": "CVE-2025-69277",
      "cwe": {
        "id": "CWE-184",
        "name": "Incomplete List of Disallowed Inputs"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete List of Disallowed Inputs",
          "title": "CWE-184"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Libsodium versions prior to ad3004e contain vulnerabilities in the crypto_core_ed25519_is_valid_point function that cause improper validation of elliptic curve points, potentially allowing security bypasses in custom cryptographic scenarios.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-69277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-69277.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2025-69277"
    },
    {
      "cve": "CVE-2026-22610",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "A Cross-Site Scripting (XSS) vulnerability in the Angular Template Compiler allows for arbitrary JavaScript execution via improperly sanitized SVG `\u003cscript\u003e` attributes, affecting several Red Hat products with a moderate severity rating.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-22610 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22610.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-22610"
    },
    {
      "cve": "CVE-2026-24858",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass Using an Alternate Path or Channel",
          "title": "CWE-288"
        },
        {
          "category": "description",
          "text": "Multiple Fortinet products including FortiAnalyzer, FortiManager, FortiOS, and FortiProxy have an authentication bypass vulnerability exploitable via FortiCloud SSO, allowing attackers with FortiCloud credentials to access other users\u0027 devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-24858 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-24858.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-24858"
    },
    {
      "cve": "CVE-2026-25569",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability in the SICAM SIAPP SDK could allow attackers to cause denial of service or execute arbitrary code, posing significant security risks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25569 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25569.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25569"
    },
    {
      "cve": "CVE-2026-25570",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "description",
          "text": "The SICAM SIAPP SDK contains a vulnerability caused by insufficient input validation, which may result in stack overflow, enabling potential code execution and denial of service attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25570 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25570.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25570"
    },
    {
      "cve": "CVE-2026-25571",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "description",
          "text": "The SICAM SIAPP SDK client component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25571 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25571.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25571"
    },
    {
      "cve": "CVE-2026-25572",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "description",
          "text": "The SICAM SIAPP SDK server component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25572 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25572.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25572"
    },
    {
      "cve": "CVE-2026-25573",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "The application executes shell commands constructed from user input, exposing it to command injection vulnerabilities that can lead to full system compromise.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25573 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25573.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25573"
    },
    {
      "cve": "CVE-2026-25605",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "The application fails to properly validate file paths during deletion, enabling attackers to delete authorized files or sockets, potentially causing service disruption or denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74",
          "CSAFPID-75",
          "CSAFPID-76",
          "CSAFPID-77",
          "CSAFPID-78",
          "CSAFPID-79",
          "CSAFPID-80",
          "CSAFPID-81",
          "CSAFPID-82",
          "CSAFPID-83",
          "CSAFPID-84",
          "CSAFPID-85",
          "CSAFPID-86",
          "CSAFPID-87",
          "CSAFPID-88",
          "CSAFPID-89",
          "CSAFPID-90",
          "CSAFPID-91",
          "CSAFPID-92",
          "CSAFPID-93",
          "CSAFPID-94",
          "CSAFPID-95",
          "CSAFPID-96",
          "CSAFPID-97",
          "CSAFPID-98",
          "CSAFPID-99",
          "CSAFPID-100",
          "CSAFPID-101",
          "CSAFPID-102",
          "CSAFPID-103",
          "CSAFPID-104",
          "CSAFPID-105",
          "CSAFPID-106",
          "CSAFPID-107",
          "CSAFPID-108",
          "CSAFPID-109",
          "CSAFPID-110",
          "CSAFPID-111",
          "CSAFPID-112",
          "CSAFPID-113",
          "CSAFPID-114",
          "CSAFPID-115",
          "CSAFPID-116",
          "CSAFPID-117",
          "CSAFPID-118",
          "CSAFPID-119",
          "CSAFPID-120",
          "CSAFPID-121",
          "CSAFPID-122",
          "CSAFPID-123",
          "CSAFPID-124",
          "CSAFPID-125",
          "CSAFPID-126"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-25605 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25605.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74",
            "CSAFPID-75",
            "CSAFPID-76",
            "CSAFPID-77",
            "CSAFPID-78",
            "CSAFPID-79",
            "CSAFPID-80",
            "CSAFPID-81",
            "CSAFPID-82",
            "CSAFPID-83",
            "CSAFPID-84",
            "CSAFPID-85",
            "CSAFPID-86",
            "CSAFPID-87",
            "CSAFPID-88",
            "CSAFPID-89",
            "CSAFPID-90",
            "CSAFPID-91",
            "CSAFPID-92",
            "CSAFPID-93",
            "CSAFPID-94",
            "CSAFPID-95",
            "CSAFPID-96",
            "CSAFPID-97",
            "CSAFPID-98",
            "CSAFPID-99",
            "CSAFPID-100",
            "CSAFPID-101",
            "CSAFPID-102",
            "CSAFPID-103",
            "CSAFPID-104",
            "CSAFPID-105",
            "CSAFPID-106",
            "CSAFPID-107",
            "CSAFPID-108",
            "CSAFPID-109",
            "CSAFPID-110",
            "CSAFPID-111",
            "CSAFPID-112",
            "CSAFPID-113",
            "CSAFPID-114",
            "CSAFPID-115",
            "CSAFPID-116",
            "CSAFPID-117",
            "CSAFPID-118",
            "CSAFPID-119",
            "CSAFPID-120",
            "CSAFPID-121",
            "CSAFPID-122",
            "CSAFPID-123",
            "CSAFPID-124",
            "CSAFPID-125",
            "CSAFPID-126"
          ]
        }
      ],
      "title": "CVE-2026-25605"
    }
  ]
}

RHSA-2025:22861

Vulnerability from csaf_redhat - Published: 2025-12-08 15:17 - Updated: 2026-05-28 02:58

Summary

Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.

Severity

Important

Notes

Topic: Red Hat Developer Hub 1.8.1 has been released.

Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-60542

A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64		—	Workaround

Threats

Impact Important

CVE-2025-66031

An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64		—	Workaround

Threats

Impact Moderate

References

24 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:22861	self
https://access.redhat.com/security/cve/CVE-2025-60542	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/updates/classi…	external
https://catalog.redhat.com/search?gs&searchType=c…	external
https://developers.redhat.com/rhdh/overview	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://issues.redhat.com/browse/RHIDP-11025	external
https://issues.redhat.com/browse/RHIDP-9743	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-60542	self
https://bugzilla.redhat.com/show_bug.cgi?id=2407114	external
https://www.cve.org/CVERecord?id=CVE-2025-60542	external
https://nvd.nist.gov/vuln/detail/CVE-2025-60542	external
https://github.com/typeorm/typeorm/pull/11574	external
https://github.com/typeorm/typeorm/releases/tag/0.3.26	external
https://github.com/typeorm/typeorm/releases?q=sec…	external
https://medium.com/@alizada.cavad/cve-2025-60542-…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Developer Hub 1.8.1 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22861",
        "url": "https://access.redhat.com/errata/RHSA-2025:22861"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-60542",
        "url": "https://access.redhat.com/security/cve/CVE-2025-60542"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
        "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
      },
      {
        "category": "external",
        "summary": "https://developers.redhat.com/rhdh/overview",
        "url": "https://developers.redhat.com/rhdh/overview"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
        "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11025",
        "url": "https://issues.redhat.com/browse/RHIDP-11025"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-9743",
        "url": "https://issues.redhat.com/browse/RHIDP-9743"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22861.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.",
    "tracking": {
      "current_release_date": "2026-05-28T02:58:53+00:00",
      "generator": {
        "date": "2026-05-28T02:58:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:22861",
      "initial_release_date": "2025-12-08T15:17:40+00:00",
      "revision_history": [
        {
          "date": "2025-12-08T15:17:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-08T15:17:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-28T02:58:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Hub 1.8",
                "product": {
                  "name": "Red Hat Developer Hub 1.8",
                  "product_id": "Red Hat Developer Hub 1.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhdh:1.8::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Hub"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764857949"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764708361"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-operator-bundle@sha256%3A8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764862616"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64 as a component of Red Hat Developer Hub 1.8",
          "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64 as a component of Red Hat Developer Hub 1.8",
          "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64 as a component of Red Hat Developer Hub 1.8",
          "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-60542",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2025-10-29T16:01:34.709224+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2407114"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "TypeORM: SQL Injection via crafted request to repository.save or repository.update",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "An attacker able to send a specially crafted JSON payload to an application using the repository.save or repository.update methods can exploit this vulnerability. Additionally, the stringifyObjects option used by TypeORM is set to false by default, increasing the exposure of this issue. Due to these reasons, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-60542"
        },
        {
          "category": "external",
          "summary": "RHBZ#2407114",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407114"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-60542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-60542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542"
        },
        {
          "category": "external",
          "summary": "https://github.com/typeorm/typeorm/pull/11574",
          "url": "https://github.com/typeorm/typeorm/pull/11574"
        },
        {
          "category": "external",
          "summary": "https://github.com/typeorm/typeorm/releases/tag/0.3.26",
          "url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
        },
        {
          "category": "external",
          "summary": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true",
          "url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
        },
        {
          "category": "external",
          "summary": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453",
          "url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
        }
      ],
      "release_date": "2025-10-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-08T15:17:40+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22861"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "TypeORM: SQL Injection via crafted request to repository.save or repository.update"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
          "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-08T15:17:40+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22861"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
            "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2025:22936

Vulnerability from csaf_redhat - Published: 2025-12-09 14:58 - Updated: 2026-06-03 17:07

Summary

Red Hat Security Advisory: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6

Severity

Important

Notes

Topic: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6

Details: Kiali 1.73.25, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fix(es): * kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756) * kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)

CVE-2025-12816

A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-64756

A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:22936	self
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-64756	external
https://access.redhat.com/security/cve/cve-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-12816	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 1.73.25, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22936",
        "url": "https://access.redhat.com/errata/RHSA-2025:22936"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-64756",
        "url": "https://access.redhat.com/security/cve/cve-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-66031",
        "url": "https://access.redhat.com/security/cve/cve-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-12816",
        "url": "https://access.redhat.com/security/cve/cve-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22936.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6",
    "tracking": {
      "current_release_date": "2026-06-03T17:07:43+00:00",
      "generator": {
        "date": "2026-06-03T17:07:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:22936",
      "initial_release_date": "2025-12-09T14:58:58+00:00",
      "revision_history": [
        {
          "date": "2025-12-09T14:58:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-12T21:35:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:07:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 2.6",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.6",
                  "product_id": "Red Hat OpenShift Service Mesh 2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256%3Aadd09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256%3A5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256%3Aaccf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256%3A29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ac34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:58:58+00:00",
          "details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22936"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:58:58+00:00",
          "details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22936"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:58:58+00:00",
          "details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22936"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2025:22937

Vulnerability from csaf_redhat - Published: 2025-12-09 14:59 - Updated: 2026-06-03 17:07

Summary

Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0

Severity

Important

Notes

Topic: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0

Details: Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fix(es): * kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756) * kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-64756

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:22937	self
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-64756	external
https://access.redhat.com/security/cve/cve-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-12816	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22937",
        "url": "https://access.redhat.com/errata/RHSA-2025:22937"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-64756",
        "url": "https://access.redhat.com/security/cve/cve-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-66031",
        "url": "https://access.redhat.com/security/cve/cve-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-12816",
        "url": "https://access.redhat.com/security/cve/cve-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22937.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0",
    "tracking": {
      "current_release_date": "2026-06-03T17:07:43+00:00",
      "generator": {
        "date": "2026-06-03T17:07:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:22937",
      "initial_release_date": "2025-12-09T14:59:02+00:00",
      "revision_history": [
        {
          "date": "2025-12-09T14:59:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-12T21:35:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:07:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 3",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3",
                  "product_id": "Red Hat OpenShift Service Mesh 3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A76d016722febb26186803476d1479339130eb5911299b01955e5449488910447?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aa529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Ac012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64 as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64 as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64 as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64 as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
          "product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:02+00:00",
          "details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22937"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:02+00:00",
          "details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22937"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
          "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:02+00:00",
          "details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22937"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
            "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2025:22938

Vulnerability from csaf_redhat - Published: 2025-12-09 14:59 - Updated: 2026-06-03 17:07

Summary

Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1

Severity

Important

Notes

Topic: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Kiali 2.11.5, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fix(es): * kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756) * kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-64756

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:22938	self
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-64756	external
https://access.redhat.com/security/cve/cve-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-12816	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 2.11.5, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22938",
        "url": "https://access.redhat.com/errata/RHSA-2025:22938"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-64756",
        "url": "https://access.redhat.com/security/cve/cve-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-66031",
        "url": "https://access.redhat.com/security/cve/cve-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-12816",
        "url": "https://access.redhat.com/security/cve/cve-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22938.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1",
    "tracking": {
      "current_release_date": "2026-06-03T17:07:43+00:00",
      "generator": {
        "date": "2026-06-03T17:07:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:22938",
      "initial_release_date": "2025-12-09T14:59:35+00:00",
      "revision_history": [
        {
          "date": "2025-12-09T14:59:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-12T21:35:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:07:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 3.1",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3.1",
                  "product_id": "Red Hat OpenShift Service Mesh 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Aef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:35+00:00",
          "details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22938"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:35+00:00",
          "details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22938"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T14:59:35+00:00",
          "details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22938"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2025:22941

Vulnerability from csaf_redhat - Published: 2025-12-09 15:24 - Updated: 2026-06-03 17:07

Summary

Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2

Severity

Important

Notes

Topic: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2

Details: Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fix(es): * kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031) * kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756) * kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le	—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64	—	Workaround

Threats

Impact Important

CVE-2025-64756

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le	—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64	—	Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le	—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64	—	Workaround

Threats

Impact Moderate

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:22941	self
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-64756	external
https://access.redhat.com/security/cve/cve-2025-66031	external
https://access.redhat.com/security/cve/cve-2025-12816	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22941",
        "url": "https://access.redhat.com/errata/RHSA-2025:22941"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-64756",
        "url": "https://access.redhat.com/security/cve/cve-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-66031",
        "url": "https://access.redhat.com/security/cve/cve-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-12816",
        "url": "https://access.redhat.com/security/cve/cve-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22941.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2",
    "tracking": {
      "current_release_date": "2026-06-03T17:07:44+00:00",
      "generator": {
        "date": "2026-06-03T17:07:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:22941",
      "initial_release_date": "2025-12-09T15:24:58+00:00",
      "revision_history": [
        {
          "date": "2025-12-09T15:24:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-12T21:35:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:07:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 3.2",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3.2",
                  "product_id": "Red Hat OpenShift Service Mesh 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-operator-bundle@sha256%3A35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764846196"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9-operator@sha256%3A9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9-operator@sha256%3A682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9-operator@sha256%3A2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9-operator@sha256%3A9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
          "product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T15:24:58+00:00",
          "details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22941"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T15:24:58+00:00",
          "details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22941"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
          "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-09T15:24:58+00:00",
          "details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22941"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
            "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2026:0261

Vulnerability from csaf_redhat - Published: 2026-01-07 18:34 - Updated: 2026-06-03 17:09

Summary

Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.

Severity

Important

Notes

Topic: Red Hat Developer Hub 1.7.4 has been released.

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64		—	Workaround

Threats

Impact Important

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64		—	Workaround

Threats

Impact Important

CVE-2025-64756

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64		—	Workaround

Threats

Impact Important

CVE-2025-65945

A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64		—	Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64		—	Workaround

Threats

Impact Moderate

References

49 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:0261	self
https://access.redhat.com/security/cve/CVE-2025-12816	external
https://access.redhat.com/security/cve/CVE-2025-15284	external
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-65945	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/updates/classi…	external
https://catalog.redhat.com/search?gs&searchType=c…	external
https://developers.redhat.com/rhdh/overview	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://issues.redhat.com/browse/RHIDP-11024	external
https://issues.redhat.com/browse/RHIDP-11112	external
https://issues.redhat.com/browse/RHIDP-11115	external
https://issues.redhat.com/browse/RHIDP-11117	external
https://issues.redhat.com/browse/RHIDP-11241	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-15284	self
https://bugzilla.redhat.com/show_bug.cgi?id=2425946	external
https://www.cve.org/CVERecord?id=CVE-2025-15284	external
https://nvd.nist.gov/vuln/detail/CVE-2025-15284	external
https://github.com/ljharb/qs/commit/3086902ecf7f0…	external
https://github.com/ljharb/qs/security/advisories/…	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-65945	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418904	external
https://www.cve.org/CVERecord?id=CVE-2025-65945	external
https://nvd.nist.gov/vuln/detail/CVE-2025-65945	external
https://github.com/auth0/node-jws/commit/34c45b2c…	external
https://github.com/auth0/node-jws/security/adviso…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Developer Hub 1.7.4 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0261",
        "url": "https://access.redhat.com/errata/RHSA-2026:0261"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
        "url": "https://access.redhat.com/security/cve/CVE-2025-65945"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
        "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
      },
      {
        "category": "external",
        "summary": "https://developers.redhat.com/rhdh/overview",
        "url": "https://developers.redhat.com/rhdh/overview"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
        "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11024",
        "url": "https://issues.redhat.com/browse/RHIDP-11024"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11112",
        "url": "https://issues.redhat.com/browse/RHIDP-11112"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11115",
        "url": "https://issues.redhat.com/browse/RHIDP-11115"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11117",
        "url": "https://issues.redhat.com/browse/RHIDP-11117"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHIDP-11241",
        "url": "https://issues.redhat.com/browse/RHIDP-11241"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0261.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.",
    "tracking": {
      "current_release_date": "2026-06-03T17:09:04+00:00",
      "generator": {
        "date": "2026-06-03T17:09:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:0261",
      "initial_release_date": "2026-01-07T18:34:52+00:00",
      "revision_history": [
        {
          "date": "2026-01-07T18:34:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-07T18:34:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:09:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Hub 1.7",
                "product": {
                  "name": "Red Hat Developer Hub 1.7",
                  "product_id": "Red Hat Developer Hub 1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhdh:1.7::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Hub"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767715042"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767620808"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ae191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767730186"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64 as a component of Red Hat Developer Hub 1.7",
          "product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64 as a component of Red Hat Developer Hub 1.7",
          "product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64 as a component of Red Hat Developer Hub 1.7",
          "product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-07T18:34:52+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0261"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-07T18:34:52+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0261"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-07T18:34:52+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0261"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-65945",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2025-12-04T19:01:14.733682+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-65945"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
        },
        {
          "category": "external",
          "summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
          "url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
        },
        {
          "category": "external",
          "summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
          "url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
        }
      ],
      "release_date": "2025-12-04T18:45:37.517000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-07T18:34:52+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0261"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
          "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-07T18:34:52+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0261"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
            "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

RHSA-2026:0414

Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-06-03 17:09

Summary

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

Severity

Important

Notes

Topic: A Subscription Management tool for finding and reporting Red Hat product usage

Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.

CVE-2024-5642

A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-4598

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-364 - Signal Handler Race Condition

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-6069

A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-6075

A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.

4.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2025-8291

A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-15284

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-45582

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-24 - Path Traversal: '../filedir'

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59682

A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Workaround

Threats

Impact Important

CVE-2025-61984

A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-159 - Improper Handling of Invalid Use of Special Elements

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—

Threats

Impact Moderate

CVE-2025-61985

A flaw was found in OpenSSH where the SSH client accepted \0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-158 - Improper Neutralization of Null Byte or NUL Character

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—

Threats

Impact Moderate

CVE-2025-64460

A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Workaround

Threats

Impact Important

CVE-2025-64720

A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-64756

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-65018

A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Moderate

CVE-2025-66293

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64		—	Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64		—	Workaround

Threats

Impact Important

CVE-2025-66418

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64	—	Vendor Fix fix

Threats

Impact Important

References

157 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:0414	self
https://access.redhat.com/security/cve/CVE-2024-5642	external
https://access.redhat.com/security/cve/CVE-2025-12816	external
https://access.redhat.com/security/cve/CVE-2025-15284	external
https://access.redhat.com/security/cve/CVE-2025-45582	external
https://access.redhat.com/security/cve/CVE-2025-4598	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-59682	external
https://access.redhat.com/security/cve/CVE-2025-6069	external
https://access.redhat.com/security/cve/CVE-2025-6075	external
https://access.redhat.com/security/cve/CVE-2025-61984	external
https://access.redhat.com/security/cve/CVE-2025-61985	external
https://access.redhat.com/security/cve/CVE-2025-64460	external
https://access.redhat.com/security/cve/CVE-2025-64720	external
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-65018	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/cve/CVE-2025-66293	external
https://access.redhat.com/security/cve/CVE-2025-66418	external
https://access.redhat.com/security/cve/CVE-2025-8291	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/subscrip…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-5642	self
https://bugzilla.redhat.com/show_bug.cgi?id=2294682	external
https://www.cve.org/CVERecord?id=CVE-2024-5642	external
https://nvd.nist.gov/vuln/detail/CVE-2024-5642	external
https://mail.python.org/archives/list/security-an…	external
https://access.redhat.com/security/cve/CVE-2025-4598	self
https://bugzilla.redhat.com/show_bug.cgi?id=2369242	external
https://www.cve.org/CVERecord?id=CVE-2025-4598	external
https://nvd.nist.gov/vuln/detail/CVE-2025-4598	external
https://www.openwall.com/lists/oss-security/2025/…	external
https://access.redhat.com/security/cve/CVE-2025-6069	self
https://bugzilla.redhat.com/show_bug.cgi?id=2373234	external
https://www.cve.org/CVERecord?id=CVE-2025-6069	external
https://nvd.nist.gov/vuln/detail/CVE-2025-6069	external
https://github.com/python/cpython/commit/4455cbab…	external
https://github.com/python/cpython/commit/6eb6c5db…	external
https://github.com/python/cpython/commit/d851f8e2…	external
https://github.com/python/cpython/issues/135462	external
https://github.com/python/cpython/pull/135464	external
https://access.redhat.com/security/cve/CVE-2025-6075	self
https://bugzilla.redhat.com/show_bug.cgi?id=2408891	external
https://www.cve.org/CVERecord?id=CVE-2025-6075	external
https://nvd.nist.gov/vuln/detail/CVE-2025-6075	external
https://github.com/python/cpython/issues/136065	external
https://mail.python.org/archives/list/security-an…	external
https://access.redhat.com/security/cve/CVE-2025-8291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2402342	external
https://www.cve.org/CVERecord?id=CVE-2025-8291	external
https://nvd.nist.gov/vuln/detail/CVE-2025-8291	external
https://github.com/python/cpython/commit/162997bb…	external
https://github.com/python/cpython/commit/333d4a6f…	external
https://github.com/python/cpython/issues/139700	external
https://github.com/python/cpython/pull/139702	external
https://mail.python.org/archives/list/security-an…	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-15284	self
https://bugzilla.redhat.com/show_bug.cgi?id=2425946	external
https://www.cve.org/CVERecord?id=CVE-2025-15284	external
https://nvd.nist.gov/vuln/detail/CVE-2025-15284	external
https://github.com/ljharb/qs/commit/3086902ecf7f0…	external
https://github.com/ljharb/qs/security/advisories/…	external
https://access.redhat.com/security/cve/CVE-2025-45582	self
https://bugzilla.redhat.com/show_bug.cgi?id=2379592	external
https://www.cve.org/CVERecord?id=CVE-2025-45582	external
https://nvd.nist.gov/vuln/detail/CVE-2025-45582	external
https://github.com/i900008/vulndb/blob/main/Gnu_t…	external
https://www.gnu.org/software/tar/	external
https://www.gnu.org/software/tar/manual/html_node…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-59682	self
https://bugzilla.redhat.com/show_bug.cgi?id=2400450	external
https://www.cve.org/CVERecord?id=CVE-2025-59682	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59682	external
https://access.redhat.com/security/cve/CVE-2025-61984	self
https://bugzilla.redhat.com/show_bug.cgi?id=2401960	external
https://www.cve.org/CVERecord?id=CVE-2025-61984	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61984	external
https://marc.info/?l=openssh-unix-dev&m=175974522…	external
https://www.openssh.com/releasenotes.html#10.1p1	external
https://www.openwall.com/lists/oss-security/2025/…	external
https://access.redhat.com/security/cve/CVE-2025-61985	self
https://bugzilla.redhat.com/show_bug.cgi?id=2401962	external
https://www.cve.org/CVERecord?id=CVE-2025-61985	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61985	external
https://access.redhat.com/security/cve/CVE-2025-64460	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418366	external
https://www.cve.org/CVERecord?id=CVE-2025-64460	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64460	external
https://docs.djangoproject.com/en/dev/releases/se…	external
https://groups.google.com/g/django-announce	external
https://www.djangoproject.com/weblog/2025/dec/02/…	external
https://access.redhat.com/security/cve/CVE-2025-64720	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416904	external
https://www.cve.org/CVERecord?id=CVE-2025-64720	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64720	external
https://github.com/pnggroup/libpng/commit/08da33b…	external
https://github.com/pnggroup/libpng/issues/686	external
https://github.com/pnggroup/libpng/pull/751	external
https://github.com/pnggroup/libpng/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-65018	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416907	external
https://www.cve.org/CVERecord?id=CVE-2025-65018	external
https://nvd.nist.gov/vuln/detail/CVE-2025-65018	external
https://github.com/pnggroup/libpng/commit/16b5e38…	external
https://github.com/pnggroup/libpng/commit/218612d…	external
https://github.com/pnggroup/libpng/issues/755	external
https://github.com/pnggroup/libpng/pull/757	external
https://github.com/pnggroup/libpng/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-66293	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418711	external
https://www.cve.org/CVERecord?id=CVE-2025-66293	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66293	external
https://github.com/pnggroup/libpng/commit/788a624…	external
https://github.com/pnggroup/libpng/commit/a05a48b…	external
https://github.com/pnggroup/libpng/issues/764	external
https://github.com/pnggroup/libpng/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-66418	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419455	external
https://www.cve.org/CVERecord?id=CVE-2025-66418	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66418	external
https://github.com/urllib3/urllib3/commit/24d7b67…	external
https://github.com/urllib3/urllib3/security/advis…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Subscription Management tool for finding and reporting Red Hat product usage",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0414",
        "url": "https://access.redhat.com/errata/RHSA-2026:0414"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
        "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
        "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
        "url": "https://access.redhat.com/security/cve/CVE-2025-4598"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59682"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64460"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64720"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
        "url": "https://access.redhat.com/security/cve/CVE-2025-65018"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66293"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66418"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
        "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
        "url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
      }
    ],
    "title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
    "tracking": {
      "current_release_date": "2026-06-03T17:09:07+00:00",
      "generator": {
        "date": "2026-06-03T17:09:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:0414",
      "initial_release_date": "2026-01-08T22:34:17+00:00",
      "revision_history": [
        {
          "date": "2026-01-08T22:34:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-08T22:34:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:09:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Discovery 2",
                "product": {
                  "name": "Red Hat Discovery 2",
                  "product_id": "Red Hat Discovery 2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5642",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-06-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
        }
      ],
      "release_date": "2024-06-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
    },
    {
      "cve": "CVE-2025-4598",
      "cwe": {
        "id": "CWE-364",
        "name": "Signal Handler Race Condition"
      },
      "discovery_date": "2025-05-29T19:04:54.578000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2369242"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-4598"
        },
        {
          "category": "external",
          "summary": "RHBZ#2369242",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
        }
      ],
      "release_date": "2025-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
    },
    {
      "cve": "CVE-2025-6069",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2025-06-17T14:00:45.339399+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Python HTMLParser quadratic complexity",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
          "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
          "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
          "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135462",
          "url": "https://github.com/python/cpython/issues/135462"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135464",
          "url": "https://github.com/python/cpython/pull/135464"
        }
      ],
      "release_date": "2025-06-17T13:39:46.058000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Python HTMLParser quadratic complexity"
    },
    {
      "cve": "CVE-2025-6075",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-31T17:01:47.052517+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/136065",
          "url": "https://github.com/python/cpython/issues/136065"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
        }
      ],
      "release_date": "2025-10-31T16:41:34.983000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
    },
    {
      "cve": "CVE-2025-8291",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2025-10-07T19:01:23.599055+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
          "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
          "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/139700",
          "url": "https://github.com/python/cpython/issues/139700"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/139702",
          "url": "https://github.com/python/cpython/pull/139702"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
        }
      ],
      "release_date": "2025-10-07T18:10:05.908000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-45582",
      "cwe": {
        "id": "CWE-24",
        "name": "Path Traversal: \u0027../filedir\u0027"
      },
      "discovery_date": "2025-07-11T17:00:47.340822+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2379592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tar: Tar path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "RHBZ#2379592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
          "url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/",
          "url": "https://www.gnu.org/software/tar/"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
          "url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
        }
      ],
      "release_date": "2025-07-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tar: Tar path traversal"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-59682",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-09-30T13:18:31.746000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2400450"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "django: Potential partial directory-traversal via archive.extract()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59682"
        },
        {
          "category": "external",
          "summary": "RHBZ#2400450",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
        }
      ],
      "release_date": "2025-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "django: Potential partial directory-traversal via archive.extract()"
    },
    {
      "cve": "CVE-2025-61984",
      "cwe": {
        "id": "CWE-159",
        "name": "Improper Handling of Invalid Use of Special Elements"
      },
      "discovery_date": "2025-10-06T19:01:13.449665+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401960"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401960",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
    },
    {
      "cve": "CVE-2025-61985",
      "cwe": {
        "id": "CWE-158",
        "name": "Improper Neutralization of Null Byte or NUL Character"
      },
      "discovery_date": "2025-10-06T19:01:16.841946+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
    },
    {
      "cve": "CVE-2025-64460",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "discovery_date": "2025-12-02T16:01:05.300335+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64460"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
        }
      ],
      "release_date": "2025-12-02T15:15:34.451000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
    },
    {
      "cve": "CVE-2025-64720",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-11-25T00:00:54.081073+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
          "url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/686",
          "url": "https://github.com/pnggroup/libpng/issues/686"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/pull/751",
          "url": "https://github.com/pnggroup/libpng/pull/751"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
        }
      ],
      "release_date": "2025-11-24T23:45:38.315000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG buffer overflow"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-65018",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-25T00:01:05.570152+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG heap buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
          "url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
          "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/755",
          "url": "https://github.com/pnggroup/libpng/issues/755"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/pull/757",
          "url": "https://github.com/pnggroup/libpng/pull/757"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
        }
      ],
      "release_date": "2025-11-24T23:50:18.294000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG heap buffer overflow"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    },
    {
      "cve": "CVE-2025-66293",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-12-03T21:00:59.956903+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
          "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
          "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/764",
          "url": "https://github.com/pnggroup/libpng/issues/764"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
        }
      ],
      "release_date": "2025-12-03T20:33:57.086000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
    },
    {
      "cve": "CVE-2025-66418",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-05T17:01:20.277857+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
          "url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
        }
      ],
      "release_date": "2025-12-05T16:02:15.271000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T22:34:17+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
    }
  ]
}

RHSA-2026:0518

Vulnerability from csaf_redhat - Published: 2026-01-13 16:03 - Updated: 2026-06-02 15:25

Summary

Red Hat Security Advisory: Red Hat Quay 3.16.1

Severity

Important

Notes

Topic: Red Hat Quay 3.16.1 is now available with bug fixes.

Details: Quay 3.16.1

CVE-2025-12816

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x	—	Vendor Fix fix Workaround

Known not affected 21 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le	—	Workaround

Threats

Impact Important

CVE-2025-59375

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le	—	Vendor Fix fix Workaround

Known not affected 21 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x	—	Workaround

Threats

Impact Important

CVE-2025-66031

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x	—	Vendor Fix fix Workaround

Known not affected 21 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le	—	Workaround

Threats

Impact Moderate

References

27 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:0518	self
https://access.redhat.com/security/cve/CVE-2025-12816	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-66031	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-12816	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417097	external
https://www.cve.org/CVERecord?id=CVE-2025-12816	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12816	external
https://github.com/digitalbazaar/forge	external
https://github.com/digitalbazaar/forge/pull/1124	external
https://github.com/digitalbazaar/forge/security/a…	external
https://kb.cert.org/vuls/id/521113	external
https://www.npmjs.com/package/node-forge	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-66031	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417397	external
https://www.cve.org/CVERecord?id=CVE-2025-66031	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66031	external
https://github.com/digitalbazaar/forge/commit/260…	external
https://github.com/digitalbazaar/forge/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Quay 3.16.1 is now available with bug fixes.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.16.1",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0518",
        "url": "https://access.redhat.com/errata/RHSA-2026:0518"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
        "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0518.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay 3.16.1",
    "tracking": {
      "current_release_date": "2026-06-02T15:25:16+00:00",
      "generator": {
        "date": "2026-06-02T15:25:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:0518",
      "initial_release_date": "2026-01-13T16:03:52+00:00",
      "revision_history": [
        {
          "date": "2026-01-13T16:03:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-13T16:04:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:25:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Quay 3.16",
                "product": {
                  "name": "Red Hat Quay 3.16",
                  "product_id": "Red Hat Quay 3.16",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3.16::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel9@sha256%3Ac1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Aa0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ab89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
                  "product_id": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel9@sha256%3Ad209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel9@sha256%3Ac7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel9@sha256%3Aa1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
                  "product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ad723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel9@sha256%3A835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
                  "product_id": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel9@sha256%3A18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel9@sha256%3Ab291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
                  "product_id": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel9@sha256%3Aff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel9@sha256%3Abf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979280"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ad9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ae8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970174"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Abe10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
                  "product_id": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel9@sha256%3A85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256%3A0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767980647"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel9@sha256%3A0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
                  "product_id": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel9@sha256%3A87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64 as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x as a component of Red Hat Quay 3.16",
          "product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12816",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2025-11-25T20:01:05.875196+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417097"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417097",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge",
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/pull/1124",
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/521113",
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/node-forge",
          "url": "https://www.npmjs.com/package/node-forge"
        }
      ],
      "release_date": "2025-11-25T19:15:50.243000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T16:03:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0518"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T16:03:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0518"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-66031",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2025-11-26T23:01:36.363253+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417397"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: node-forge ASN.1 Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
          "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417397",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        }
      ],
      "release_date": "2025-11-26T22:23:26.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T16:03:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0518"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
            "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: node-forge ASN.1 Unbounded Recursion"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-66031 (GCVE-0-2025-66031)

Tags

Sightings

Nomenclature