cvelistv5 - cve-2025-8415

CVE-2025-8415 (GCVE-0-2025-8415)

Vulnerability from cvelistv5 – Published: 2025-08-20 16:14 – Updated: 2025-11-20 20:59

Summary

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-289 - Authentication Bypass by Alternate Name

Assigner

redhat

References

URL

RHSA-2025:14919

Vulnerability from csaf_redhat - Published: 2025-09-03 02:15 - Updated: 2025-11-21 19:24

Summary

Red Hat Security Advisory: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update

Notes

Topic

New Red Hat build of Cryostat 4.0.2 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs. Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. Security Fix(es): * cryostat: authentication bypass if Network Policies are disabled (CVE-2025-8415) * netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163) * form-data: Unsafe random function in form-data (CVE-2025-7783) You can find images updated by this advisory in the Red Hat Container Catalog (see the References section).

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat build of Cryostat 4.0.2 on RHEL 9 container images are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.\n\nUsers of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* cryostat: authentication bypass if Network Policies are disabled (CVE-2025-8415)\n* netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)\n* form-data: Unsafe random function in form-data (CVE-2025-7783)\n\nYou can find images updated by this advisory in the Red Hat Container Catalog (see the References section).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:14919",
        "url": "https://access.redhat.com/errata/RHSA-2025:14919"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2381959",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
      },
      {
        "category": "external",
        "summary": "2385773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385773"
      },
      {
        "category": "external",
        "summary": "2388252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14919.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update",
    "tracking": {
      "current_release_date": "2025-11-21T19:24:20+00:00",
      "generator": {
        "date": "2025-11-21T19:24:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:14919",
      "initial_release_date": "2025-09-03T02:15:18+00:00",
      "revision_history": [
        {
          "date": "2025-09-03T02:15:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-09-03T02:15:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T19:24:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 4 on RHEL 9",
                "product": {
                  "name": "Cryostat 4 on RHEL 9",
                  "product_id": "9Base-Cryostat-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
                "product": {
                  "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
                  "product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
                "product": {
                  "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
                  "product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64"
        },
        "product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64"
        },
        "product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-7783",
      "cwe": {
        "id": "CWE-330",
        "name": "Use of Insufficiently Random Values"
      },
      "discovery_date": "2025-07-18T17:00:43.396637+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2381959"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "form-data: Unsafe random function in form-data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "RHBZ#2381959",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
          "url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
        },
        {
          "category": "external",
          "summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
          "url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
        }
      ],
      "release_date": "2025-07-18T16:34:44.889000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T02:15:18+00:00",
          "details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:14919"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "form-data: Unsafe random function in form-data"
    },
    {
      "cve": "CVE-2025-8415",
      "cwe": {
        "id": "CWE-289",
        "name": "Authentication Bypass by Alternate Name"
      },
      "discovery_date": "2025-07-31T13:30:18.157000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2385773"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Cryostat HTTP API. Cryostat\u0027s HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cryostat: authentication bypass if Network Policies are disabled",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-8415"
        },
        {
          "category": "external",
          "summary": "RHBZ#2385773",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385773"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-8415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8415"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8415",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8415"
        }
      ],
      "release_date": "2025-08-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T02:15:18+00:00",
          "details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:14919"
        },
        {
          "category": "workaround",
          "details": "Cryostat is not vulnerable by default, as Network Policy is enabled and prevents this behavior. Make sure the Network Policies are enabled in Custom Resources and that the underlying cluster network stack supports Network Policies.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cryostat: authentication bypass if Network Policies are disabled"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-08-13T15:01:55.372237+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2388252"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-55163"
        },
        {
          "category": "external",
          "summary": "RHBZ#2388252",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/767506",
          "url": "https://kb.cert.org/vuls/id/767506"
        }
      ],
      "release_date": "2025-08-13T14:17:36.111000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T02:15:18+00:00",
          "details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:14919"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:0e5ffd83db750fb85c1e6e268a6be392bf084558e9b07d29bb6b752b756f98e8_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d6d38a85fabf58e7dabcc9088f0c5271f1f03616e883175ad67081232fd08189_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:98289ddd46c3b9e3ed22cb76f4f5372b28d84637f84e0e24fcfd75f1b6cdfc4c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:a598e40bbe2ce6243d1eb583dc57041c4ced8a4a5bcba2d0a4f9d8decc8bfb5e_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1b2c837ef2ae61f187d4d3b7be3f9fb3a2f8910d99a5b7d02929edb993631cc9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7c1d1bee4b41222a89ccff05f96c718c230779cd123c33ce5150c1c6df69abe4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:04c736cd3efff1a2d894bd7bfb2d982cc2de938aeb859ce01fe5c237275305a5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:72e93e32df5c0af848dfae42aee3633069df0cbdaacfc4bb9c68b54a161c1bd9_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:52f04cfb6bbc0a04ef61a1d061e45dc4a44e98fba9413961d69a6a97cf45e084_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:808f35402b5b20c395a26436d6a121fb8e81ff56fd6a60e8e84ad8e4f64d37d4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:a049c80f0fdbdd21ee6513c703b057aae78259e2077357b84a3faf01a002db1f_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:de2537a6036e88a9eb3821851b1f8e3fcaa069d46f18e9a999848058c2923872_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:2eef8c97381bc0c8418be415384f2cef5b59bcc2f286fe65fc18873d8719c628_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:577db510c36a906d7583f9daec87f1df593167ecaac881573a9fb9511e7786c0_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a2b8104352ac48cf5a076e0a4ab48e435535913e1f0301ba69bc7c4ff1ea70c2_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a4dd6911c3fcd3b1fffcb24b54f798cfd1f1113020556685333d8c8e3857a9ca_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:54fd86c9f83b0a690b5a2effd8bb1c1a91440c284f5c7c64a603bb62bb915e6f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:813522e91ba44510abfb6802cfbfe0dbdde1df678fb72c0954458d9485ff9469_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0468feecc78f056ed30ab07ec3d8b53d0be37f4a00d49009ea6e3f9b20c9c509_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:415e55fd5a49c4de08af32f2efa76de4f5bbeeb48e868de5f8cdb79d7c8ce526_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:36f0386024588220c316c6dcc442a709491d5d6adb217ae1dd8dd1aca7c6b94a_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3c714df80db3d94b1e70cd81fd70b5f012f5e85b9cc974d8a56d0eb59174a823_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
    }
  ]
}

GHSA-H2P8-37QR-QFR9

Vulnerability from github – Published: 2025-08-20 18:30 – Updated: 2025-08-20 18:30

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-8415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-289"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T17:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in the Cryostat HTTP API. Cryostat\u0027s HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.",
  "id": "GHSA-h2p8-37qr-qfr9",
  "modified": "2025-08-20T18:30:22Z",
  "published": "2025-08-20T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8415"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-8415"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385773"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-8415

Vulnerability from fkie_nvd - Published: 2025-08-20 17:15 - Updated: 2025-09-03 04:16

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:14919
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-8415
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2385773

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in the Cryostat HTTP API. Cryostat\u0027s HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad en Cryostat HTTP API. Cryostat HTTP API se vincula a todas las interfaces de red, lo que permite visibilidad externa y acceso al puerto de la API si las pol\u00edticas de red est\u00e1n deshabilitadas, lo que permite que un atacante malicioso no autenticado ponga en peligro el entorno."
    }
  ],
  "id": "CVE-2025-8415",
  "lastModified": "2025-09-03T04:16:06.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.2,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T17:15:37.953",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:14919"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-8415"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385773"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-289"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-8415 (GCVE-0-2025-8415)

RHSA-2025:14919

GHSA-H2P8-37QR-QFR9

FKIE_CVE-2025-8415

Tags

Sightings

Nomenclature