cvelistv5 - cve-2025-54386

CVE-2025-54386 (GCVE-0-2025-54386)

Vulnerability from cvelistv5 – Published: 2025-08-01 23:32 – Updated: 2025-08-04 15:28

Summary

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.

Severity ?

7.3 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-30 - Path Traversal: 'dir..filename'

Assigner

GitHub_M

References

URL

Tags

	https://github.com/traefik/traefik/security/advis…	x_refsource_CONFIRM
	https://github.com/traefik/plugin-service/pull/71	x_refsource_MISC
	https://github.com/traefik/plugin-service/pull/72	x_refsource_MISC
	https://github.com/traefik/traefik/pull/11911	x_refsource_MISC
	https://github.com/traefik/traefik/commit/5ef853a…	x_refsource_MISC
	https://github.com/traefik/traefik/releases/tag/v…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	traefik	traefik	Affected: <= 2.11.27, < 2.11.28 Affected: <= 3.0.0, < 3.4.5 Affected: >= 3.5.0-rc1, < 3.5.0-rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T15:27:58.318834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T15:28:06.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "traefik",
          "vendor": "traefik",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.11.27, \u003c 2.11.28"
            },
            {
              "status": "affected",
              "version": "\u003c= 3.0.0, \u003c 3.4.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.5.0-rc1, \u003c 3.5.0-rc2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-30",
              "description": "CWE-30: Path Traversal: \u0027dir..filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T23:32:21.747Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
        },
        {
          "name": "https://github.com/traefik/plugin-service/pull/71",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/plugin-service/pull/71"
        },
        {
          "name": "https://github.com/traefik/plugin-service/pull/72",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/plugin-service/pull/72"
        },
        {
          "name": "https://github.com/traefik/traefik/pull/11911",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/pull/11911"
        },
        {
          "name": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v2.11.28",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
        }
      ],
      "source": {
        "advisory": "GHSA-q6gg-9f92-r9wg",
        "discovery": "UNKNOWN"
      },
      "title": "Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54386",
    "datePublished": "2025-08-01T23:32:21.747Z",
    "dateReserved": "2025-07-21T16:12:20.734Z",
    "dateUpdated": "2025-08-04T15:28:06.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54386\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-02T00:15:25.500\",\"lastModified\":\"2025-11-26T14:02:03.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.\"},{\"lang\":\"es\",\"value\":\"Traefik es un proxy inverso HTTP y balanceador de carga. En las versiones 2.11.27 y anteriores, 3.0.0 a 3.4.4 y 3.5.0-rc1, se descubri\u00f3 una vulnerabilidad de Path traversal en el mecanismo de instalaci\u00f3n del complemento de WASM Traefik. Al proporcionar un archivo ZIP manipulado con fines malintencionados que contiene rutas de archivos con secuencias ../, un atacante puede sobrescribir archivos arbitrarios en el sistema fuera del directorio del complemento. Esto puede provocar ejecuci\u00f3n remota de c\u00f3digo (RCE), escalada de privilegios, persistencia o denegaci\u00f3n de servicio. Esto se ha corregido en las versiones 2.11.28, 3.4.5 y 3.5.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-30\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.7\",\"matchCriteriaId\":\"70562832-82A7-4B99-AC35-225226910C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.4.4\",\"matchCriteriaId\":\"7F246C7C-0040-4BAF-B0EF-B2CA593F6369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"864A70A5-50E4-4A91-B497-39F0B3859203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"889325B6-8E4F-4F67-AD9C-02413389825F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99074CB0-FD1A-4092-B627-06CBD23A9ABA\"}]}]}],\"references\":[{\"url\":\"https://github.com/traefik/plugin-service/pull/71\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/traefik/plugin-service/pull/72\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/traefik/traefik/pull/11911\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/traefik/traefik/releases/tag/v2.11.28\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54386\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T15:27:58.318834Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T15:28:02.818Z\"}}], \"cna\": {\"title\": \"Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution\", \"source\": {\"advisory\": \"GHSA-q6gg-9f92-r9wg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"traefik\", \"product\": \"traefik\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 2.11.27, \u003c 2.11.28\"}, {\"status\": \"affected\", \"version\": \"\u003c= 3.0.0, \u003c 3.4.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.5.0-rc1, \u003c 3.5.0-rc2\"}]}], \"references\": [{\"url\": \"https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg\", \"name\": \"https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/traefik/plugin-service/pull/71\", \"name\": \"https://github.com/traefik/plugin-service/pull/71\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traefik/plugin-service/pull/72\", \"name\": \"https://github.com/traefik/plugin-service/pull/72\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traefik/traefik/pull/11911\", \"name\": \"https://github.com/traefik/traefik/pull/11911\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800\", \"name\": \"https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traefik/traefik/releases/tag/v2.11.28\", \"name\": \"https://github.com/traefik/traefik/releases/tag/v2.11.28\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-30\", \"description\": \"CWE-30: Path Traversal: \u0027dir..filename\u0027\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-01T23:32:21.747Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54386\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-04T15:28:06.189Z\", \"dateReserved\": \"2025-07-21T16:12:20.734Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-01T23:32:21.747Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0652

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans dans le greffon "WASM Client" pour Traefik. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions v3.5.x antérieures à v3.5.0
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions v3.4.x antérieures à v3.4.5
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions antérieures à v2.11.28

References

Title

Publication Time

Tags

Bulletin de sécurité Traefik GHSA-q6gg-9f92-r9wg

2025-08-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions v3.5.x ant\u00e9rieures \u00e0 v3.5.0",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    },
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions v3.4.x ant\u00e9rieures \u00e0 v3.4.5",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    },
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions ant\u00e9rieures \u00e0 v2.11.28",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-54386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0652",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans  dans le greffon \"WASM Client\" pour Traefik. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans le greffon \"WASM Client\" pour Traefik",
  "vendor_advisories": [
    {
      "published_at": "2025-08-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Traefik GHSA-q6gg-9f92-r9wg",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
    }
  ]
}

CERTFR-2025-AVI-0652

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans dans le greffon "WASM Client" pour Traefik. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions v3.5.x antérieures à v3.5.0
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions v3.4.x antérieures à v3.4.5
Traefik	Traefik	Greffon "WASM Client" pour Traefik versions antérieures à v2.11.28

References

Title

Publication Time

Tags

Bulletin de sécurité Traefik GHSA-q6gg-9f92-r9wg

2025-08-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions v3.5.x ant\u00e9rieures \u00e0 v3.5.0",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    },
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions v3.4.x ant\u00e9rieures \u00e0 v3.4.5",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    },
    {
      "description": "Greffon \"WASM Client\" pour Traefik versions ant\u00e9rieures \u00e0 v2.11.28",
      "product": {
        "name": "Traefik",
        "vendor": {
          "name": "Traefik",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-54386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0652",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans  dans le greffon \"WASM Client\" pour Traefik. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans le greffon \"WASM Client\" pour Traefik",
  "vendor_advisories": [
    {
      "published_at": "2025-08-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Traefik GHSA-q6gg-9f92-r9wg",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
    }
  ]
}

FKIE_CVE-2025-54386

Vulnerability from fkie_nvd - Published: 2025-08-02 00:15 - Updated: 2025-11-26 14:02

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/traefik/plugin-service/pull/71	Patch
security-advisories@github.com	https://github.com/traefik/plugin-service/pull/72	Patch
security-advisories@github.com	https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800	Patch
security-advisories@github.com	https://github.com/traefik/traefik/pull/11911	Patch
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v2.11.28	Release Notes
security-advisories@github.com	https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg	Vendor Advisory

Impacted products

Vendor	Product	Version
traefik	traefik	*
traefik	traefik	*
traefik	traefik	3.5.0
traefik	traefik	3.5.0
traefik	traefik	3.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70562832-82A7-4B99-AC35-225226910C29",
              "versionEndExcluding": "2.11.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F246C7C-0040-4BAF-B0EF-B2CA593F6369",
              "versionEndExcluding": "3.4.4",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:traefik:traefik:3.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "864A70A5-50E4-4A91-B497-39F0B3859203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:traefik:traefik:3.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "889325B6-8E4F-4F67-AD9C-02413389825F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:traefik:traefik:3.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99074CB0-FD1A-4092-B627-06CBD23A9ABA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0."
    },
    {
      "lang": "es",
      "value": "Traefik es un proxy inverso HTTP y balanceador de carga. En las versiones 2.11.27 y anteriores, 3.0.0 a 3.4.4 y 3.5.0-rc1, se descubri\u00f3 una vulnerabilidad de Path traversal en el mecanismo de instalaci\u00f3n del complemento de WASM Traefik. Al proporcionar un archivo ZIP manipulado con fines malintencionados que contiene rutas de archivos con secuencias ../, un atacante puede sobrescribir archivos arbitrarios en el sistema fuera del directorio del complemento. Esto puede provocar ejecuci\u00f3n remota de c\u00f3digo (RCE), escalada de privilegios, persistencia o denegaci\u00f3n de servicio. Esto se ha corregido en las versiones 2.11.28, 3.4.5 y 3.5.0."
    }
  ],
  "id": "CVE-2025-54386",
  "lastModified": "2025-11-26T14:02:03.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-02T00:15:25.500",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/traefik/plugin-service/pull/71"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/traefik/plugin-service/pull/72"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/traefik/traefik/pull/11911"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-30"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-Q6GG-9F92-R9WG

Vulnerability from github – Published: 2025-08-01 18:08 – Updated: 2025-11-27 09:02

Summary

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Details

Summary

A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. ✅ After investigation, it is confirmed that no plugins on the Catalog were affected. There is no known impact.

Details

The vulnerability resides in the WASM plugin extraction logic, specifically in the unzipFile function (/plugins/client.go). The application constructs file paths during ZIP extraction using filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. If the ZIP archive contains entries with ../, the resulting path can escape the intended directory, allowing writes to arbitrary locations on the host filesystem.

Attack Requirements

There are several requirements needed to make this attack possible: - The Traefik server should be deployed with plugins enabled with a WASM plugin (yaegi plugins are not impacted). - The attacker should have write access to a remote plugin asset loaded by the Traefik server - The attacker should craft a malicious version of this plugin

Warning

As clearly stated in the documentation, plugins are experimental in Traefik, and unsafe plugins could damage your infrastructure:

Experimental Features Plugins can change the behavior of Traefik in unforeseen ways. Exercise caution when adding new plugins to production Traefik instances.

Impact

This vulnerability did not affect any plugin from the catalog. There is no known impact. Additionally, the catalog will also prevent any compromised plugin to be available across all Traefik versions. This vulnerability can allow an attacker to perform arbitrary file write outside the intended plugin extraction directory by crafting a malicious ZIP archive that includes ../ (directory traversal) in file paths.

Severity ?

7.3 (High)


                  
                    CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.11.27"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.4.4"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.5.0-rc2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0-rc1"
            },
            {
              "fixed": "3.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-30"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-01T18:08:15Z",
    "nvd_published_at": "2025-08-02T00:15:25Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with `../` sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service.\n **\u2705 After investigation, it is confirmed that no plugins on the [Catalog](https://plugins.traefik.io/plugins) were affected. There is no known impact.**\n\n### Details\nThe vulnerability resides in the WASM plugin extraction logic, specifically in the `unzipFile` function (`/plugins/client.go`). The application constructs file paths during ZIP extraction using `filepath.Join(destDir, f.Name)` without validating or sanitizing `f.Name`. If the ZIP archive contains entries with `../`, the resulting path can escape the intended directory, allowing writes to arbitrary locations on the host filesystem.\n\n### Attack Requirements\nThere are several requirements needed to make this attack possible:\n- The Traefik server should be deployed with [plugins enabled](https://doc.traefik.io/traefik/plugins/) with a WASM plugin (yaegi plugins are not impacted).\n- The attacker should have write access to a remote plugin asset loaded by the Traefik server\n- The attacker should craft a malicious version of this plugin\n\n### Warning\nAs clearly stated in the [documentation](https://doc.traefik.io/traefik/plugins/), plugins are experimental in Traefik, and unsafe plugins could damage your infrastructure:\n\n\u003e **Experimental Features**\nPlugins can change the behavior of Traefik in unforeseen ways. Exercise caution when adding new plugins to production Traefik instances.\n\n### Impact\n**This vulnerability did not affect any plugin from the catalog. There is no known impact. \nAdditionally, the catalog will also prevent any compromised plugin to be available across all Traefik versions.**\nThis vulnerability can allow an attacker to perform arbitrary file write outside the intended plugin extraction directory by crafting a malicious ZIP archive that includes `../` (directory traversal) in file paths.",
  "id": "GHSA-q6gg-9f92-r9wg",
  "modified": "2025-11-27T09:02:51Z",
  "published": "2025-08-01T18:08:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/plugin-service/pull/71"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/plugin-service/pull/72"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/pull/11911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/traefik/traefik"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Traefik Client Plugin\u0027s Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution"
}

OPENSUSE-SU-2025:15434-1

Vulnerability from csaf_opensuse - Published: 2025-08-12 00:00 - Updated: 2025-08-12 00:00

Summary

govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media

Notes

Title of the patch

govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media

Description of the patch

These are all security issues fixed in the govulncheck-vulndb-0.0.20250811T192933-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15434

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250811T192933-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15434",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15434-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-21411 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-21411/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-44779 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-44779/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-50738 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-50738/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-53534 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-53534/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-53942 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-53942/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54386 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54386/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54388 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54388/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54410 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54410/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54424 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54424/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54576 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54799 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54799/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54801 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54801/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54996 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54996/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54997 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54997/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54998 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54999 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54999/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55000 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55000/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55001 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55001/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55003 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55003/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-5999 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-5999/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6000 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6000/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6004 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6004/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6011 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6011/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6013 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6013/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6014 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6015 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6015/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-6037 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-6037/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-7195 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-7195/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8341 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8341/"
      }
    ],
    "title": "govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-08-12T00:00:00Z",
      "generator": {
        "date": "2025-08-12T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15434-1",
      "initial_release_date": "2025-08-12T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-08-12T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
                  "product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
                  "product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
                  "product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
                  "product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21411",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-21411"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn\u0027t restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session\u0027s groups field was populated with the `--gitlab-group` config entries instead of pulling the individual user\u0027s group membership from the GitLab Userinfo endpoint. When the session groups where compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who relies on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `--gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `--gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-21411",
          "url": "https://www.suse.com/security/cve/CVE-2021-21411"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-21411"
    },
    {
      "cve": "CVE-2025-44779",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-44779"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-44779",
          "url": "https://www.suse.com/security/cve/CVE-2025-44779"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247810 for CVE-2025-44779",
          "url": "https://bugzilla.suse.com/1247810"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-44779"
    },
    {
      "cve": "CVE-2025-50738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-50738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user\u0027s IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-50738",
          "url": "https://www.suse.com/security/cve/CVE-2025-50738"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-50738"
    },
    {
      "cve": "CVE-2025-53534",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-53534"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-53534",
          "url": "https://www.suse.com/security/cve/CVE-2025-53534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "not set"
        }
      ],
      "title": "CVE-2025-53534"
    },
    {
      "cve": "CVE-2025-53942",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-53942"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can still retain partial access to the system despite their accounts being deactivated. They end up in a half-authenticated state where they cannot access the API but crucially they can authorize applications if they know the URL of the application. To workaround this issue, developers can add an expression policy to the user login stage on the respective authentication flow with the expression of return request.context[\"pending_user\"].is_active. This modification ensures that the return statement only activates the user login stage when the user is active. This issue is fixed in versions authentik 2025.4.4 and 2025.6.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-53942",
          "url": "https://www.suse.com/security/cve/CVE-2025-53942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-53942"
    },
    {
      "cve": "CVE-2025-54386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u0027s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54386",
          "url": "https://www.suse.com/security/cve/CVE-2025-54386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247524 for CVE-2025-54386",
          "url": "https://bugzilla.suse.com/1247524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-54386"
    },
    {
      "cve": "CVE-2025-54388",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54388"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54388",
          "url": "https://www.suse.com/security/cve/CVE-2025-54388"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247367 for CVE-2025-54388",
          "url": "https://bugzilla.suse.com/1247367"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-54388"
    },
    {
      "cve": "CVE-2025-54410",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54410"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54410",
          "url": "https://www.suse.com/security/cve/CVE-2025-54410"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247392 for CVE-2025-54410",
          "url": "https://bugzilla.suse.com/1247392"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-54410"
    },
    {
      "cve": "CVE-2025-54424",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54424"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54424",
          "url": "https://www.suse.com/security/cve/CVE-2025-54424"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-54424"
    },
    {
      "cve": "CVE-2025-54576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54576",
          "url": "https://www.suse.com/security/cve/CVE-2025-54576"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-54576"
    },
    {
      "cve": "CVE-2025-54799",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54799"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Let\u0027s Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don\u0027t enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to performs ACME functions. However, the library fails to enforce HTTPS both in the original discover URL (configured by the library user) and in the subsequent addresses returned by the CAs in the directory and order objects. If users input HTTP URLs or CAs misconfigure endpoints, protocol operations occur over HTTP instead of HTTPS. This compromises privacy by exposing request/response details like account and request identifiers to network attackers. This was fixed in version 4.25.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54799",
          "url": "https://www.suse.com/security/cve/CVE-2025-54799"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247743 for CVE-2025-54799",
          "url": "https://bugzilla.suse.com/1247743"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-54799"
    },
    {
      "cve": "CVE-2025-54801",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54801"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber\u0027s Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54801",
          "url": "https://www.suse.com/security/cve/CVE-2025-54801"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "not set"
        }
      ],
      "title": "CVE-2025-54801"
    },
    {
      "cve": "CVE-2025-54996",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54996"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54996",
          "url": "https://www.suse.com/security/cve/CVE-2025-54996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247888 for CVE-2025-54996",
          "url": "https://bugzilla.suse.com/1247888"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-54996"
    },
    {
      "cve": "CVE-2025-54997",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54997"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54997",
          "url": "https://www.suse.com/security/cve/CVE-2025-54997"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247889 for CVE-2025-54997",
          "url": "https://bugzilla.suse.com/1247889"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-54997"
    },
    {
      "cve": "CVE-2025-54998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54998",
          "url": "https://www.suse.com/security/cve/CVE-2025-54998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247890 for CVE-2025-54998",
          "url": "https://bugzilla.suse.com/1247890"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-54998"
    },
    {
      "cve": "CVE-2025-54999",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54999"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao\u0027s userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. This issue was fixed in version 2.3.2. To work around this issue, users may use another auth method or apply rate limiting quotas to limit the number of requests in a period of time: https://openbao.org/api-docs/system/rate-limit-quotas/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54999",
          "url": "https://www.suse.com/security/cve/CVE-2025-54999"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247891 for CVE-2025-54999",
          "url": "https://bugzilla.suse.com/1247891"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-54999"
    },
    {
      "cve": "CVE-2025-55000",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55000"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao\u0027s TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55000",
          "url": "https://www.suse.com/security/cve/CVE-2025-55000"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247892 for CVE-2025-55000",
          "url": "https://bugzilla.suse.com/1247892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-55000"
    },
    {
      "cve": "CVE-2025-55001",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55001"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When the username_as_alias=true parameter in the LDAP auth method was in use, the caller-supplied username was used verbatim without normalization, allowing an attacker to bypass alias-specific MFA requirements. This issue was fixed in version 2.3.2. To work around this, remove all usage of the username_as_alias=true parameter and update any entity aliases accordingly.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55001",
          "url": "https://www.suse.com/security/cve/CVE-2025-55001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247893 for CVE-2025-55001",
          "url": "https://bugzilla.suse.com/1247893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-55001"
    },
    {
      "cve": "CVE-2025-55003",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55003"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao\u0027s Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes. This issue was fixed in version 2.3.2. To work around this, use of rate-limiting quotas can limit an attacker\u0027s ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55003",
          "url": "https://www.suse.com/security/cve/CVE-2025-55003"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247894 for CVE-2025-55003",
          "url": "https://bugzilla.suse.com/1247894"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-55003"
    },
    {
      "cve": "CVE-2025-5999",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-5999"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A privileged Vault operator with write permissions to the root namespace\u0027s identity endpoint could escalate their own or another user\u0027s token privileges to Vault\u0027s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-5999",
          "url": "https://www.suse.com/security/cve/CVE-2025-5999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-5999"
    },
    {
      "cve": "CVE-2025-6000",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6000"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault\u0027s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6000",
          "url": "https://www.suse.com/security/cve/CVE-2025-6000"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247546 for CVE-2025-6000",
          "url": "https://bugzilla.suse.com/1247546"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-6000"
    },
    {
      "cve": "CVE-2025-6004",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6004"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vault and Vault Enterprise\u0027s (\"Vault\") user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6004",
          "url": "https://www.suse.com/security/cve/CVE-2025-6004"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-6004"
    },
    {
      "cve": "CVE-2025-6011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A timing side channel in Vault and Vault Enterprise\u0027s (\"Vault\") userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u0027s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6011",
          "url": "https://www.suse.com/security/cve/CVE-2025-6011"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-6011"
    },
    {
      "cve": "CVE-2025-6013",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6013"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vault and Vault Enterprise\u0027s (\"Vault\") ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6013",
          "url": "https://www.suse.com/security/cve/CVE-2025-6013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247698 for CVE-2025-6013",
          "url": "https://bugzilla.suse.com/1247698"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-6013"
    },
    {
      "cve": "CVE-2025-6014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vault and Vault Enterprise\u0027s (\"Vault\") TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6014",
          "url": "https://www.suse.com/security/cve/CVE-2025-6014"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-6014"
    },
    {
      "cve": "CVE-2025-6015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vault and Vault Enterprise\u0027s (\"Vault\") login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6015",
          "url": "https://www.suse.com/security/cve/CVE-2025-6015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-6015"
    },
    {
      "cve": "CVE-2025-6037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-6037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vault and Vault Enterprise (\"Vault\") TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-6037",
          "url": "https://www.suse.com/security/cve/CVE-2025-6037"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-6037"
    },
    {
      "cve": "CVE-2025-7195",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-7195"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-7195",
          "url": "https://www.suse.com/security/cve/CVE-2025-7195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-7195"
    },
    {
      "cve": "CVE-2025-8341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.\n\n\nIf the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8341",
          "url": "https://www.suse.com/security/cve/CVE-2025-8341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-08-12T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-8341"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54386 (GCVE-0-2025-54386)

CERTFR-2025-AVI-0652

Solutions

CERTFR-2025-AVI-0652

Solutions

FKIE_CVE-2025-54386

GHSA-Q6GG-9F92-R9WG

Summary

Details

Attack Requirements

Warning

Impact

OPENSUSE-SU-2025:15434-1

Tags

Sightings

Nomenclature