Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66506 (GCVE-0-2025-66506)
Vulnerability from cvelistv5 – Published: 2025-12-04 22:04 – Updated: 2025-12-05 15:32
VLAI?
EPSS
Title
Fulcio allocates excessive memory during token parsing
Summary
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3.
Severity ?
7.5 (High)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:32:15.086814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:32:25.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fulcio",
"vendor": "sigstore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:04:41.637Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
},
{
"name": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
}
],
"source": {
"advisory": "GHSA-f83f-xpx7-ffpw",
"discovery": "UNKNOWN"
},
"title": "Fulcio allocates excessive memory during token parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66506",
"datePublished": "2025-12-04T22:04:41.637Z",
"dateReserved": "2025-12-03T15:12:22.978Z",
"dateUpdated": "2025-12-05T15:32:25.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66506\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-04T22:15:49.503\",\"lastModified\":\"2025-12-08T18:27:15.857\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"}]}],\"references\":[{\"url\":\"https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66506\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-05T15:32:15.086814Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-05T15:32:21.138Z\"}}], \"cna\": {\"title\": \"Fulcio allocates excessive memory during token parsing\", \"source\": {\"advisory\": \"GHSA-f83f-xpx7-ffpw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"sigstore\", \"product\": \"fulcio\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.3\"}]}], \"references\": [{\"url\": \"https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw\", \"name\": \"https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a\", \"name\": \"https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-04T22:04:41.637Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66506\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-05T15:32:25.591Z\", \"dateReserved\": \"2025-12-03T15:12:22.978Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-04T22:04:41.637Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:23449
Vulnerability from csaf_redhat - Published: 2025-12-17 08:22 - Updated: 2026-02-08 07:22Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)
Notes
Topic
Red Hat AI Inference Server 3.2.5 (ROCm) is now available.
Details
Red Hat® AI Inference Server
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23449",
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23449.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
"tracking": {
"current_release_date": "2026-02-08T07:22:43+00:00",
"generator": {
"date": "2026-02-08T07:22:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:23449",
"initial_release_date": "2025-12-17T08:22:31+00:00",
"revision_history": [
{
"date": "2025-12-17T08:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T08:22:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:22:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ac5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552603"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2025:23209
Vulnerability from csaf_redhat - Published: 2025-12-15 15:50 - Updated: 2026-02-08 07:22Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)
Notes
Topic
Red Hat AI Inference Server 3.2.5 (TPU) is now available.
Details
Red Hat® AI Inference Server
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (TPU) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23209",
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23209.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)",
"tracking": {
"current_release_date": "2026-02-08T07:22:41+00:00",
"generator": {
"date": "2026-02-08T07:22:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:23209",
"initial_release_date": "2025-12-15T15:50:15+00:00",
"revision_history": [
{
"date": "2025-12-15T15:50:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T15:50:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:22:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-tpu-rhel9@sha256%3A64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552619"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:50:15+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23209"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2025:23202
Vulnerability from csaf_redhat - Published: 2025-12-15 15:29 - Updated: 2026-02-08 07:22Summary
Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA)
Notes
Topic
Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA) is now available.
Details
Red Hat® AI Inference Server Model Optimization Tools
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server Model Optimization Tools",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23202",
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23202.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA)",
"tracking": {
"current_release_date": "2026-02-08T07:22:37+00:00",
"generator": {
"date": "2026-02-08T07:22:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:23202",
"initial_release_date": "2025-12-15T15:29:01+00:00",
"revision_history": [
{
"date": "2025-12-15T15:29:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T15:29:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:22:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
"product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3Afca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361184"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3Af083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361184"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:29:01+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2025:23205
Vulnerability from csaf_redhat - Published: 2025-12-15 15:38 - Updated: 2026-02-08 07:22Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)
Notes
Topic
Red Hat AI Inference Server 3.2.5 (ROCm) is now available.
Details
Red Hat® AI Inference Server
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23205",
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23205.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
"tracking": {
"current_release_date": "2026-02-08T07:22:39+00:00",
"generator": {
"date": "2026-02-08T07:22:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:23205",
"initial_release_date": "2025-12-15T15:38:07+00:00",
"revision_history": [
{
"date": "2025-12-15T15:38:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T15:38:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:22:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ae3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361180"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:07+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2026:2136
Vulnerability from csaf_redhat - Published: 2026-02-05 15:17 - Updated: 2026-02-08 07:26Summary
Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
Notes
Topic
The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details
The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, and 4.20
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2136",
"url": "https://access.redhat.com/errata/RHSA-2026:2136"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22772",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2136.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-02-08T07:26:25+00:00",
"generator": {
"date": "2026-02-08T07:26:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2136",
"initial_release_date": "2026-02-05T15:17:09+00:00",
"revision_history": [
{
"date": "2026-02-05T15:17:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T15:17:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:26:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"product": {
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"product_id": "registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cosign-rhel9@sha256%3Aa8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"product_id": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fetch-tsa-certs-rhel9@sha256%3A358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"product": {
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"product_id": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitsign-rhel9@sha256%3A3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770108193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-cli-rhel9@sha256%3A63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64",
"product": {
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64",
"product_id": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64",
"product_identification_helper": {
"purl": "pkg:oci/updatetree-rhel9@sha256%3A67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106156"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64"
},
"product_reference": "registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
},
"product_reference": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
},
"product_reference": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:17:09+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2136"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:17:09+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:17:09+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-22772",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-01-12T22:01:21.336171+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428808"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions (regex) in the `metaRegex()` function. This vulnerability could lead to Server-Side Request Forgery (SSRF), allowing the attacker to probe internal network services. While the flaw only permits GET requests, preventing state changes or data exfiltration, it still poses a risk for internal network reconnaissance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Fulcio\u0027s URL validation allows attackers to bypass security checks, leading to Server-Side Request Forgery (SSRF). This could enable internal network reconnaissance within affected Red Hat OpenShift and Ansible Automation Platform deployments, though it does not permit state changes or data exfiltration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "RHBZ#2428808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d",
"url": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr"
}
],
"release_date": "2026-01-12T20:58:53.659000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:17:09+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2136"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/cosign-rhel9@sha256:a8289d488491991d454a32784de19476f2c984917eb7a33b4544e55512f2747c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:358e6addb56ff342bc8d850399b872f039bb9cbd7f108f0838e8e50d54b24857_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/gitsign-rhel9@sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:63db8fe95e158a74d31bcfca03a4c8d505012870d594e8fd97cc0cb2af13fe65_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/updatetree-rhel9@sha256:67ff8332c09e00cb370355d16f1d06c16ff482e7a8857cdff4f556fae298f951_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation"
}
]
}
RHSA-2026:1049
Vulnerability from csaf_redhat - Published: 2026-01-22 21:04 - Updated: 2026-02-08 07:26Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.0
Notes
Topic
The 1.21.0 GA release of Red Hat OpenShift Pipelines Operator..
For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).
Details
The 1.21.0 release of Red Hat OpenShift Pipelines Operator.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.21.0 GA release of Red Hat OpenShift Pipelines Operator..\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
"title": "Topic"
},
{
"category": "general",
"text": "The 1.21.0 release of Red Hat OpenShift Pipelines Operator.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1049",
"url": "https://access.redhat.com/errata/RHSA-2026:1049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1049.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.0",
"tracking": {
"current_release_date": "2026-02-08T07:26:06+00:00",
"generator": {
"date": "2026-02-08T07:26:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1049",
"initial_release_date": "2026-01-22T21:04:37+00:00",
"revision_history": [
{
"date": "2026-01-22T21:04:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T21:04:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:26:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Pipelines 1.21.0",
"product": {
"name": "Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.21::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256%3Aa5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769115266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3Ab574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3Abf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3Ae3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64 as a component of Red Hat OpenShift Pipelines 1.21.0",
"product_id": "Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T21:04:37+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
"Red Hat OpenShift Pipelines 1.21.0:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2026:1517
Vulnerability from csaf_redhat - Published: 2026-01-28 22:40 - Updated: 2026-02-08 07:26Summary
Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1517",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1517.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-08T07:26:19+00:00",
"generator": {
"date": "2026-02-08T07:26:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1517",
"initial_release_date": "2026-01-28T22:40:02+00:00",
"revision_history": [
{
"date": "2026-01-28T22:40:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T22:40:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:26:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.8",
"product": {
"name": "Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Aca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Af23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Ab22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ad353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Ac7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Aeb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Aeaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Affc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Acfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ad480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ae7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Adb0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Afe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Af5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Adeea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Af96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Adcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Acc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ad5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2025:23204
Vulnerability from csaf_redhat - Published: 2025-12-15 15:38 - Updated: 2026-02-08 07:22Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (CUDA)
Notes
Topic
Red Hat AI Inference Server 3.2.5 (CUDA) is now available.
Details
Red Hat® AI Inference Server
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23204",
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62593",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23204.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (CUDA)",
"tracking": {
"current_release_date": "2026-02-08T07:22:39+00:00",
"generator": {
"date": "2026-02-08T07:22:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:23204",
"initial_release_date": "2025-12-15T15:38:04+00:00",
"revision_history": [
{
"date": "2025-12-15T15:38:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T15:38:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-08T07:22:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552580"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Af0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552580"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-62593",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-11-26T23:01:25.307125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417394"
}
],
"notes": [
{
"category": "description",
"text": "Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string \"Mozilla\" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "RHBZ#2417394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09",
"url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v",
"url": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v"
}
],
"release_date": "2025-11-26T22:28:28.577000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T15:38:04+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
GHSA-F83F-XPX7-FFPW
Vulnerability from github – Published: 2025-12-05 18:18 – Updated: 2025-12-05 18:18
VLAI?
Summary
Fulcio allocates excessive memory during token parsing
Details
Function identity.extractIssuerURL currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods.
As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification)
Details See identity.extractIssuerURL
Impact Excessive memory allocation
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/fulcio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66506"
],
"database_specific": {
"cwe_ids": [
"CWE-405"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-05T18:18:26Z",
"nvd_published_at": "2025-12-04T22:15:49Z",
"severity": "HIGH"
},
"details": "Function [identity.extractIssuerURL](https://github.com/sigstore/fulcio/blob/main/pkg/identity/issuerpool.go#L44-L45) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to `extractIssuerURL` incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\nDetails\nSee [identity.extractIssuerURL](https://github.com/sigstore/fulcio/blob/main/pkg/identity/issuerpool.go#L44-L45)\n\nImpact\nExcessive memory allocation",
"id": "GHSA-f83f-xpx7-ffpw",
"modified": "2025-12-05T18:18:26Z",
"published": "2025-12-05T18:18:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/fulcio"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Fulcio allocates excessive memory during token parsing"
}
FKIE_CVE-2025-66506
Vulnerability from fkie_nvd - Published: 2025-12-04 22:15 - Updated: 2025-12-08 18:27
Severity ?
Summary
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3."
}
],
"id": "CVE-2025-66506",
"lastModified": "2025-12-08T18:27:15.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-04T22:15:49.503",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
WID-SEC-W-2026-0199
Vulnerability from csaf_certbund - Published: 2026-01-22 23:00 - Updated: 2026-02-04 23:00Summary
Red Hat OpenShift Pipelines Operator (Fulcio): Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Pipelines Operator ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Pipelines Operator ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0199 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0199.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0199 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0199"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:1049"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-01-22",
"url": "https://access.redhat.com/security/cve/cve-2025-66506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1517 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1730 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1942 vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Pipelines Operator (Fulcio): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-02-04T23:00:00.000+00:00",
"generator": {
"date": "2026-02-05T09:40:07.914+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0199",
"initial_release_date": "2026-01-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Pipelines Operator \u003c1.21.0",
"product": {
"name": "Red Hat OpenShift Pipelines Operator \u003c1.21.0",
"product_id": "T050269"
}
},
{
"category": "product_version",
"name": "Pipelines Operator 1.21.0",
"product": {
"name": "Red Hat OpenShift Pipelines Operator 1.21.0",
"product_id": "T050269-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:pipelines_operator__1.21.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66506",
"product_status": {
"known_affected": [
"67646",
"T050269"
]
},
"release_date": "2026-01-22T23:00:00.000+00:00",
"title": "CVE-2025-66506"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…