csaf_redhat - rhsa-2025:22428

RHSA-2025:22428

Vulnerability from csaf_redhat - Published: 2025-12-01 14:29 - Updated: 2025-12-08 22:41

Summary

Red Hat Security Advisory: Cost Management Metrics Operator Update

Notes

Topic

Cost Management Metrics Operator version 4.3.0 release.

Details

The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every hour to create metric reports that it uploads to Cost Management at console.redhat.com.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Cost Management Metrics Operator version 4.3.0 release.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift.\nThe operator runs on the latest supported versions of Openshift.\nThis operator obtains OpenShift usage data by querying Prometheus every hour to create metric reports\nthat it uploads to Cost Management at console.redhat.com.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:22428",
        "url": "https://access.redhat.com/errata/RHSA-2025:22428"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/steps-to-cost-management",
        "url": "https://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/steps-to-cost-management"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22428.json"
      }
    ],
    "title": "Red Hat Security Advisory: Cost Management Metrics Operator Update",
    "tracking": {
      "current_release_date": "2025-12-08T22:41:27+00:00",
      "generator": {
        "date": "2025-12-08T22:41:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.13"
        }
      },
      "id": "RHSA-2025:22428",
      "initial_release_date": "2025-12-01T14:29:00+00:00",
      "revision_history": [
        {
          "date": "2025-12-01T14:29:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-01T14:29:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-12-08T22:41:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cost Management Metrics Operator 4",
                "product": {
                  "name": "Cost Management Metrics Operator 4",
                  "product_id": "Cost Management Metrics Operator 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cost_management:4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cost Management Metrics Operator"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
                "product": {
                  "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
                  "product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3Ab6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement\u0026tag=4.3.0-1763050722"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
                "product": {
                  "name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
                  "product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256%3A9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement\u0026tag=4.3.0-1763051857"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64",
                "product": {
                  "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64",
                  "product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3Ae11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044?arch=arm64\u0026repository_url=registry.redhat.io/costmanagement\u0026tag=4.3.0-1763050722"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
                "product": {
                  "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
                  "product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3Ad8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98?arch=ppc64le\u0026repository_url=registry.redhat.io/costmanagement\u0026tag=4.3.0-1763050722"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
                "product": {
                  "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
                  "product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3Ab68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0?arch=s390x\u0026repository_url=registry.redhat.io/costmanagement\u0026tag=4.3.0-1763050722"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64 as a component of Cost Management Metrics Operator 4",
          "product_id": "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64"
        },
        "product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
        "relates_to_product_reference": "Cost Management Metrics Operator 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64 as a component of Cost Management Metrics Operator 4",
          "product_id": "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64"
        },
        "product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
        "relates_to_product_reference": "Cost Management Metrics Operator 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x as a component of Cost Management Metrics Operator 4",
          "product_id": "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x"
        },
        "product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
        "relates_to_product_reference": "Cost Management Metrics Operator 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le as a component of Cost Management Metrics Operator 4",
          "product_id": "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le"
        },
        "product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
        "relates_to_product_reference": "Cost Management Metrics Operator 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64 as a component of Cost Management Metrics Operator 4",
          "product_id": "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64"
        },
        "product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64",
        "relates_to_product_reference": "Cost Management Metrics Operator 4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-787: Out-of-bounds Write or a CWE-125: Out-of-bounds Read vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines and baseline configurations to ensure secure system and software settings, while least functionality reduces the attack surface by disabling unnecessary services and ports. Rigorous development practices, including static analysis, input validation, and error handling, detect and mitigate memory vulnerabilities before deployment. Process isolation and memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) preserve memory integrity by confining faults to individual workloads and preventing unauthorized access. Malicious code protections and continuous system monitoring detect anomalous memory activity and exploitation attempts, reducing the likelihood and impact of out-of-bounds read and write vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
          "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
          "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
          "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64"
        ],
        "known_not_affected": [
          "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-01T14:29:00+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
          "product_ids": [
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:22428"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:9cf11bd854c76e2b344c0072ae8487acde31f6fb50e2c47937f95186146f40e6_amd64",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b6659ceb8da0da180c9a6931accc4f94c217eb1bd80a95b3306d0032751254d3_amd64",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:b68a956a3f792ab780d3732e86bb3a081560464d1e4b2bebd245f19baacb3da0_s390x",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:d8d365fc13179f87482fbca90e7e01a444278f34ba81c88f6e28a0fbd19cbd98_ppc64le",
            "Cost Management Metrics Operator 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e11b885070b38930eec5513b36ee7611560c59beef840dd8b6a3b2b553f77044_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    }
  ]
}

CVE-2025-9230 (GCVE-0-2025-9230)

Vulnerability from cvelistv5 – Published: 2025-09-30 13:17 – Updated: 2025-11-04 21:15

Summary

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Severity ?

No CVSS data available.

CWE

CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write

Assigner

openssl

References

URL

Tags

	https://openssl-library.org/news/secadv/20250930.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/bae259a…	patch
	https://github.com/openssl/openssl/commit/9e91358…	patch
	https://github.com/openssl/openssl/commit/5965ea5…	patch
	https://github.com/openssl/openssl/commit/b5282d6…	patch
	https://github.com/openssl/openssl/commit/a79c4ce…	patch
	https://github.openssl.org/openssl/extended-relea…	patch
	https://github.openssl.org/openssl/extended-relea…	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Affected: 3.5.0 , < 3.5.4 (semver) Affected: 3.4.0 , < 3.4.3 (semver) Affected: 3.3.0 , < 3.3.5 (semver) Affected: 3.2.0 , < 3.2.6 (semver) Affected: 3.0.0 , < 3.0.18 (semver) Affected: 1.1.1 , < 1.1.1zd (custom) Affected: 1.0.2 , < 1.0.2zm (custom)

Credits

Stanislav Fort (Aisle Research) Stanislav Fort (Aisle Research) Viktor Dukhovni

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-9230",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:30:08.302408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:30:29.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:15:17.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.5.4",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.3",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.5",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.6",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.18",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zd",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zm",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2025-09-30T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: An application trying to decrypt CMS messages encrypted using\u003cbr\u003epassword based encryption can trigger an out-of-bounds read and write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application. The out-of-bounds write can cause\u003cbr\u003ea memory corruption which can have various consequences including\u003cbr\u003ea Denial of Service or Execution of attacker-supplied code.\u003cbr\u003e\u003cbr\u003eAlthough the consequences of a successful exploit of this vulnerability\u003cbr\u003ecould be severe, the probability that the attacker would be able to\u003cbr\u003eperform it is low. Besides, password based (PWRI) encryption support in CMS\u003cbr\u003emessages is very rarely used. For that reason the issue was assessed as\u003cbr\u003eModerate severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary."
            }
          ],
          "value": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T13:17:00.808Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20250930.txt"
        },
        {
          "name": "3.5.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482"
        },
        {
          "name": "3.4.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280"
        },
        {
          "name": "3.3.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45"
        },
        {
          "name": "3.2.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd"
        },
        {
          "name": "3.0.18 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def"
        },
        {
          "name": "1.1.1zd git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba"
        },
        {
          "name": "1.0.2zm git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2025-9230",
    "datePublished": "2025-09-30T13:17:00.808Z",
    "dateReserved": "2025-08-20T08:38:07.678Z",
    "dateUpdated": "2025-11-04T21:15:17.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:22428

CVE-2025-9230 (GCVE-0-2025-9230)

Tags

Sightings

Nomenclature