CVE-2025-59343 (GCVE-0-2025-59343)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:43 – Updated: 2025-11-03 18:13
| URL | Tags |
|---|---|
| https://github.com/mafintosh/tar-fs/security/advi… | x_refsource_CONFIRM |
| https://github.com/mafintosh/tar-fs/commit/0bd54c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T14:49:04.310765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T14:49:06.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:55.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tar-fs",
"vendor": "mafintosh",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.1"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.3"
},
{
"status": "affected",
"version": "\u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:43:34.728Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
},
{
"name": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
}
],
"source": {
"advisory": "GHSA-vj76-c3g6-qr5v",
"discovery": "UNKNOWN"
},
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59343",
"datePublished": "2025-09-24T17:43:34.728Z",
"dateReserved": "2025-09-12T12:36:24.636Z",
"dateUpdated": "2025-11-03T18:13:55.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-59343",
"date": "2026-05-24",
"epss": "0.0003",
"percentile": "0.09031"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-59343\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-24T18:15:42.297\",\"lastModified\":\"2025-11-03T19:16:14.317\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpac
t\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-61\"}]}],\"references\":[{\"url\":\"https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T18:13:55.412Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59343\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-03T14:49:04.310765Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-24T18:17:49.714Z\"}}], \"cna\": {\"title\": \"tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball\", \"source\": {\"advisory\": \"GHSA-vj76-c3g6-qr5v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mafintosh\", \"product\": \"tar-fs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.1.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.1.3\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.16.5\"}]}], \"references\": [{\"url\": 
\"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v\", \"name\": \"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09\", \"name\": \"https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61: UNIX Symbolic Link (Symlink) Following\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-24T17:43:34.728Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-59343\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T18:13:55.412Z\", \"dateReserved\": \"2025-09-12T12:36:24.636Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-24T17:43:34.728Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 |
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 |
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 |
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 |
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 |
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
CERTFR-2025-AVI-1072
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.1.0 |
| IBM | Cognos Controller | Cognos Controller versions 11.x antérieures à 11.0.1 FP7 |
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP7",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253432",
"url": "https://www.ibm.com/support/pages/node/7253432"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253254",
"url": "https://www.ibm.com/support/pages/node/7253254"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253227",
"url": "https://www.ibm.com/support/pages/node/7253227"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253232",
"url": "https://www.ibm.com/support/pages/node/7253232"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253281",
"url": "https://www.ibm.com/support/pages/node/7253281"
}
]
}
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 |
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 |
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 |
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 |
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 |
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
CERTFR-2025-AVI-1072
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.1.0 |
| IBM | Cognos Controller | Cognos Controller versions 11.x antérieures à 11.0.1 FP7 |
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP7",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253432",
"url": "https://www.ibm.com/support/pages/node/7253432"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253254",
"url": "https://www.ibm.com/support/pages/node/7253254"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253227",
"url": "https://www.ibm.com/support/pages/node/7253227"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253232",
"url": "https://www.ibm.com/support/pages/node/7253232"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253281",
"url": "https://www.ibm.com/support/pages/node/7253281"
}
]
}
CERTFR-2026-AVI-0182
Vulnerability from certfr_avis - Published: 2026-02-18 - Updated: 2026-02-18
De multiples vulnérabilités ont été découvertes dans Atlassian Confluence. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Atlassian | Confluence | Confluence Server versions 9.4.x antérieures à 9.4.0 |
| Atlassian | Confluence | Confluence Data Center versions 9.4.x antérieures à 9.4.0 |
| Atlassian | Confluence | Confluence Data Center versions 9.5.x antérieures à 9.5.3 |
| Atlassian | Confluence | Confluence Server versions 10.1.x antérieures à 10.1.0 |
| Atlassian | Confluence | Confluence Server versions 10.0.x antérieures à 10.0.2 |
| Atlassian | Confluence | Confluence Data Center versions 10.0.x antérieures à 10.0.2 |
| Atlassian | Confluence | Confluence Server versions 9.2.x antérieures à 9.2.7 |
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.10 |
| Atlassian | Confluence | Confluence Server versions 9.5.x antérieures à 9.5.3 |
| Atlassian | Confluence | Confluence Data Center versions 10.1.x antérieures à 10.1.0 |
| Atlassian | Confluence | Confluence Data Center versions 10.2.x antérieures à 10.2.6 |
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.10 |
| Atlassian | Confluence | Confluence Server versions 10.2.x antérieures à 10.2.6 |
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.15 |
| Atlassian | Confluence | Confluence Data Center versions 9.3.x antérieures à 9.3.1 |
| Atlassian | Confluence | Confluence Server versions 9.3.x antérieures à 9.3.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.15",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2026-02-18T00:00:00",
"last_revision_date": "2026-02-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0182",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian Confluence. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence",
"vendor_advisories": [
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102185",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102185"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101930",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101930"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102184",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102184"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102186",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102186"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102193",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102193"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102132",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102132"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 |
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 |
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité |
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 |
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
FKIE_CVE-2025-59343
Vulnerability from fkie_nvd - Published: 2025-09-24 18:15 - Updated: 2026-04-15 00:35
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories."
},
{
"lang": "es",
"value": "tar-fs proporciona enlaces de sistema de archivos para tar-stream. Las versiones anteriores a 3.1.1, 2.1.3 y 1.16.5 son vulnerables a una omisi\u00f3n de validaci\u00f3n de enlace simb\u00f3lico si el directorio de destino es predecible con un tarball espec\u00edfico. Este problema ha sido parcheado en las versiones 3.1.1, 2.1.4 y 1.16.6. Una soluci\u00f3n alternativa implica usar la opci\u00f3n de ignorar en elementos que no son archivos/directorios."
}
],
"id": "CVE-2025-59343",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T18:15:42.297",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-VJ76-C3G6-QR5V
Vulnerability from github – Published: 2025-09-24 18:57 – Updated: 2025-11-03 21:34
Impact
v3.1.0, v2.1.3, v1.16.5 and below
Patches
Has been patched in 3.1.1, 2.1.4, and 1.16.6
Workarounds
You can use the ignore option to skip every entry that is not a regular file or a directory.
ignore (_, header) {
// Returning true tells tar-fs to skip this entry. Only regular files and
// directories are extracted; every other entry type (symlinks, hard links,
// device nodes, ...) is dropped, which removes the symlink path this advisory covers.
return header.type !== 'file' && header.type !== 'directory'
}
Credit
Reported by: Mapta / BugBunny_ai
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59343"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-61"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-24T18:57:04Z",
"nvd_published_at": "2025-09-24T18:15:42Z",
"severity": "HIGH"
},
"details": "### Impact\n v3.1.0, v2.1.3, v1.16.5 and below\n\n### Patches\nHas been patched in 3.1.1, 2.1.4, and 1.16.6\n\n### Workarounds\nYou can use the ignore option to ignore non files/directories.\n\n```js\n ignore (_, header) {\n // pass files \u0026 directories, ignore e.g. symlinks\n return header.type !== \u0027file\u0027 \u0026\u0026 header.type !== \u0027directory\u0027\n }\n```\n\n### Credit\nReported by: Mapta / BugBunny_ai",
"id": "GHSA-vj76-c3g6-qr5v",
"modified": "2025-11-03T21:34:35Z",
"published": "2025-09-24T18:57:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"type": "PACKAGE",
"url": "https://github.com/mafintosh/tar-fs"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"
}
OPENSUSE-SU-2025:15582-1
Vulnerability from csaf_opensuse - Published: 2025-09-26 00:00 - Updated: 2025-09-26 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tree-sitter-ruby-0.23.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tree-sitter-ruby-0.23.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15582-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59343/"
}
],
"title": "tree-sitter-ruby-0.23.1-2.1 on GA media",
"tracking": {
"current_release_date": "2025-09-26T00:00:00Z",
"generator": {
"date": "2025-09-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15582-1",
"initial_release_date": "2025-09-26T00:00:00Z",
"revision_history": [
{
"date": "2025-09-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tree-sitter-ruby-0.23.1-2.1.aarch64",
"product": {
"name": "tree-sitter-ruby-0.23.1-2.1.aarch64",
"product_id": "tree-sitter-ruby-0.23.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"product": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"product_id": "tree-sitter-ruby-devel-0.23.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tree-sitter-ruby-0.23.1-2.1.ppc64le",
"product": {
"name": "tree-sitter-ruby-0.23.1-2.1.ppc64le",
"product_id": "tree-sitter-ruby-0.23.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"product": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"product_id": "tree-sitter-ruby-devel-0.23.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tree-sitter-ruby-0.23.1-2.1.s390x",
"product": {
"name": "tree-sitter-ruby-0.23.1-2.1.s390x",
"product_id": "tree-sitter-ruby-0.23.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"product": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"product_id": "tree-sitter-ruby-devel-0.23.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tree-sitter-ruby-0.23.1-2.1.x86_64",
"product": {
"name": "tree-sitter-ruby-0.23.1-2.1.x86_64",
"product_id": "tree-sitter-ruby-0.23.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "tree-sitter-ruby-devel-0.23.1-2.1.x86_64",
"product": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.x86_64",
"product_id": "tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-0.23.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64"
},
"product_reference": "tree-sitter-ruby-0.23.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-0.23.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le"
},
"product_reference": "tree-sitter-ruby-0.23.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-0.23.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x"
},
"product_reference": "tree-sitter-ruby-0.23.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-0.23.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64"
},
"product_reference": "tree-sitter-ruby-0.23.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64"
},
"product_reference": "tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le"
},
"product_reference": "tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x"
},
"product_reference": "tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tree-sitter-ruby-devel-0.23.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
},
"product_reference": "tree-sitter-ruby-devel-0.23.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5889"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5889",
"url": "https://www.suse.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "SUSE Bug 1244340 for CVE-2025-5889",
"url": "https://bugzilla.suse.com/1244340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-26T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-59343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59343"
}
],
"notes": [
{
"category": "general",
"text": "tar-fs provides filesystem bindings for tar-stream. Versions 3.1.0, 2.1.3 and 1.16.5 and below (i.e. all releases before 3.1.1, 2.1.4 and 1.16.6) are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option to skip entries that are not regular files or directories (e.g. symlinks).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59343",
"url": "https://www.suse.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "SUSE Bug 1250515 for CVE-2025-59343",
"url": "https://bugzilla.suse.com/1250515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-0.23.1-2.1.x86_64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.aarch64",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.ppc64le",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.s390x",
"openSUSE Tumbleweed:tree-sitter-ruby-devel-0.23.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-59343"
}
]
}
RHSA-2025:17376
Vulnerability from csaf_redhat - Published: 2025-10-06 13:05 - Updated: 2026-03-31 03:08
A symlink validation bypass flaw (CWE-22 / CWE-61) has been discovered in the npm tar-fs library: when the extraction destination directory is predictable, a specially crafted tarball can bypass the symlink check in affected versions (those before 3.1.1, 2.1.4 and 1.16.6).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Cryostat 4.0.3 on RHEL 9 container images are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.\n\nUsers of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* tar-fs: tar-fs symlink validation bypass (CVE-2025-59343)\n\nYou can find images updated by this advisory in the Red Hat Container Catalog (see the References section).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17376",
"url": "https://access.redhat.com/errata/RHSA-2025:17376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17376.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update",
"tracking": {
"current_release_date": "2026-03-31T03:08:51+00:00",
"generator": {
"date": "2026-03-31T03:08:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2025:17376",
"initial_release_date": "2025-10-06T13:05:24+00:00",
"revision_history": [
{
"date": "2025-10-06T13:05:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-06T13:05:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T03:08:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.3-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.3-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass when the destination directory is predictable and a specific tarball is extracted into it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-06T13:05:24+00:00",
"details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17376"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
}
]
}