Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-65637 (GCVE-0-2025-65637)
Vulnerability from cvelistv5 – Published: 2025-12-04 00:00 – Updated: 2025-12-05 21:52
VLAI?
EPSS
Summary
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T21:52:30.561592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T21:52:59.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T18:17:04.939Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mjuanxd/logrus-dos-poc"
},
{
"url": "https://github.com/sirupsen/logrus/issues/1370"
},
{
"url": "https://github.com/sirupsen/logrus/pull/1376"
},
{
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3"
},
{
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1"
},
{
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3"
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391"
},
{
"url": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65637",
"datePublished": "2025-12-04T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-05T21:52:59.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-65637\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-12-04T19:16:05.223\",\"lastModified\":\"2025-12-23T00:26:00.703\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \\\"token too long\\\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:turbopuffer:logrus:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.8.3\",\"matchCriteriaId\":\"B302F48C-A8EA-4FAB-B151-F8492365896C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:turbopuffer:logrus:1.9.0:*:*:*:*:go:*:*\",\"matchCriteriaId\":\"25373732-88E0-4824-B243-9C1E82608B1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:turbopuffer:logrus:1.9.2:*:*:*:*:go:*:*\",\"matchCriteriaId\":\"E59CDE4C-3669-4EA6-AA2D-9BE99FDEC497\"}]}]}],\"references\":[{\"url\":\"https://github.com/mjuanxd/logrus-dos-poc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sirupsen/logrus/issues/1370\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/sirupsen/logrus/pull/1376\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/sirupsen/logrus/releases/tag/v1.8.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/sirupsen/logrus/releases/tag/v1.9.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/sirupsen/logrus/releases/tag/v1.9.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-65637\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-05T21:52:30.561592Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-05T21:52:53.941Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/mjuanxd/logrus-dos-poc\"}, {\"url\": \"https://github.com/sirupsen/logrus/issues/1370\"}, {\"url\": \"https://github.com/sirupsen/logrus/pull/1376\"}, {\"url\": \"https://github.com/sirupsen/logrus/releases/tag/v1.8.3\"}, {\"url\": \"https://github.com/sirupsen/logrus/releases/tag/v1.9.1\"}, {\"url\": \"https://github.com/sirupsen/logrus/releases/tag/v1.9.3\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391\"}, {\"url\": \"https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \\\"token too long\\\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-12-04T18:17:04.939Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-65637\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-05T21:52:59.784Z\", \"dateReserved\": \"2025-11-18T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-12-04T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:0425
Vulnerability from csaf_redhat - Published: 2026-01-12 03:43 - Updated: 2026-01-14 09:12Summary
Red Hat Security Advisory: runc security update
Notes
Topic
An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)
* runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
* github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions (CVE-2025-31133)\n\n* runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)\n\n* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)\n\n* github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0425",
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2404705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
},
{
"category": "external",
"summary": "2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "2418900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0425.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2026-01-14T09:12:41+00:00",
"generator": {
"date": "2026-01-14T09:12:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0425",
"initial_release_date": "2026-01-12T03:43:04+00:00",
"revision_history": [
{
"date": "2026-01-12T03:43:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-12T03:43:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T09:12:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.src",
"product": {
"name": "runc-4:1.2.9-1.el9_4.src",
"product_id": "runc-4:1.2.9-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.aarch64",
"product": {
"name": "runc-4:1.2.9-1.el9_4.aarch64",
"product_id": "runc-4:1.2.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.ppc64le",
"product": {
"name": "runc-4:1.2.9-1.el9_4.ppc64le",
"product_id": "runc-4:1.2.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.x86_64",
"product": {
"name": "runc-4:1.2.9-1.el9_4.x86_64",
"product_id": "runc-4:1.2.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.x86_64",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.2.9-1.el9_4.s390x",
"product": {
"name": "runc-4:1.2.9-1.el9_4.s390x",
"product_id": "runc-4:1.2.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_4?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-1.el9_4.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.s390x",
"product_id": "runc-debugsource-4:1.2.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_4?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"product_id": "runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_4?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64"
},
"product_reference": "runc-4:1.2.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le"
},
"product_reference": "runc-4:1.2.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x"
},
"product_reference": "runc-4:1.2.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src"
},
"product_reference": "runc-4:1.2.9-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64"
},
"product_reference": "runc-4:1.2.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:17:18.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container\u0027s /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "RHBZ#2404705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-12T03:43:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix\nDAC and thus user namespaces stop a container process from being able to write to them.\n\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n\n* Depending on the maskedPath configuration (the default configuratio nonly masks paths in /proc and /sys), using an AppArmor that blocks unexpectedwrites to any maskedPaths (as is the case with the defaultprofile used by Docker and Podman) will block attempts to exploit this issue. However, CVE-2025-52881 allows an attacker to bypass LSMlabels, and so this mitigation is not helpful when considered incombination with CVE-2025-52881.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-12T03:43:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-12T03:43:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-65637",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-12-04T19:00:54.313916+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418900"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go\u2019s internal bufio.Scanner, the read operation fails with a \u201ctoken too long\u201d error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is categorized as Moderate because its impact is limited to the logging subsystem and requires a specific, non-default usage pattern to trigger\u2014namely, sending a single unbounded line exceeding 64KB through Entry.Writer(). Most Logrus deployments do not expose this interface directly to attacker-controlled input, which raises the attack complexity and reduces realistic exploitability. Additionally, the flaw does not affect confidentiality or integrity, nor does it allow code execution or privilege escalation. The failure results in a controlled degradation of availability (logging becoming non-functional), rather than a broader application outage or systemic compromise. These constrained conditions and limited real-world impact justify treating the issue as moderate rather than important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65637"
},
{
"category": "external",
"summary": "RHBZ#2418900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65637"
},
{
"category": "external",
"summary": "https://github.com/mjuanxd/logrus-dos-poc",
"url": "https://github.com/mjuanxd/logrus-dos-poc"
},
{
"category": "external",
"summary": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md",
"url": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md"
},
{
"category": "external",
"summary": "https://github.com/sirupsen/logrus/issues/1370",
"url": "https://github.com/sirupsen/logrus/issues/1370"
},
{
"category": "external",
"summary": "https://github.com/sirupsen/logrus/pull/1376",
"url": "https://github.com/sirupsen/logrus/pull/1376"
},
{
"category": "external",
"summary": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3"
},
{
"category": "external",
"summary": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1"
},
{
"category": "external",
"summary": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391",
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391"
}
],
"release_date": "2025-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-12T03:43:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:runc-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debuginfo-4:1.2.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:runc-debugsource-4:1.2.9-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload"
}
]
}
MSRC_CVE-2025-65637
Vulnerability from csaf_microsoft - Published: 2025-12-02 00:00 - Updated: 2026-01-03 01:40Summary
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-65637.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters.",
"tracking": {
"current_release_date": "2026-01-03T01:40:04.000Z",
"generator": {
"date": "2026-01-03T09:26:14.037Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-65637",
"initial_release_date": "2025-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-12-07T01:03:21.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-08T14:37:29.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-12-09T01:39:50.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2025-12-17T14:36:48.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2025-12-20T14:35:32.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
},
{
"date": "2025-12-23T01:37:58.000Z",
"legacy_version": "6",
"number": "6",
"summary": "Information published."
},
{
"date": "2025-12-30T01:36:12.000Z",
"legacy_version": "7",
"number": "7",
"summary": "Information published."
},
{
"date": "2025-12-30T14:35:57.000Z",
"legacy_version": "8",
"number": "8",
"summary": "Information published."
},
{
"date": "2026-01-03T01:40:04.000Z",
"legacy_version": "9",
"number": "9",
"summary": "Information published."
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 influxdb 2.6.1-27",
"product": {
"name": "\u003ccbl2 influxdb 2.6.1-27",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 influxdb 2.6.1-27",
"product": {
"name": "cbl2 influxdb 2.6.1-27",
"product_id": "20770"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 influxdb 2.7.5-8",
"product": {
"name": "\u003cazl3 influxdb 2.7.5-8",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "azl3 influxdb 2.7.5-8",
"product": {
"name": "azl3 influxdb 2.7.5-8",
"product_id": "20079"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 influxdb 2.6.1-24",
"product": {
"name": "\u003ccbl2 influxdb 2.6.1-24",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "cbl2 influxdb 2.6.1-24",
"product": {
"name": "cbl2 influxdb 2.6.1-24",
"product_id": "20520"
}
}
],
"category": "product_name",
"name": "influxdb"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kubernetes 1.28.4-21",
"product": {
"name": "\u003ccbl2 kubernetes 1.28.4-21",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 kubernetes 1.28.4-21",
"product": {
"name": "cbl2 kubernetes 1.28.4-21",
"product_id": "20769"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 1.30.10-16",
"product": {
"name": "\u003cazl3 kubernetes 1.30.10-16",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 1.30.10-16",
"product": {
"name": "azl3 kubernetes 1.30.10-16",
"product_id": "20713"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubernetes 1.28.4-19",
"product": {
"name": "\u003ccbl2 kubernetes 1.28.4-19",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "cbl2 kubernetes 1.28.4-19",
"product": {
"name": "cbl2 kubernetes 1.28.4-19",
"product_id": "20364"
}
}
],
"category": "product_name",
"name": "kubernetes"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cni-plugins 1.4.0-3",
"product": {
"name": "\u003cazl3 cni-plugins 1.4.0-3",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "azl3 cni-plugins 1.4.0-3",
"product": {
"name": "azl3 cni-plugins 1.4.0-3",
"product_id": "19348"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 cni-plugins 1.3.0-9",
"product": {
"name": "\u003ccbl2 cni-plugins 1.3.0-9",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "cbl2 cni-plugins 1.3.0-9",
"product": {
"name": "cbl2 cni-plugins 1.3.0-9",
"product_id": "20715"
}
}
],
"category": "product_name",
"name": "cni-plugins"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerized-data-importer 1.57.0-17",
"product": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-17",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "azl3 containerized-data-importer 1.57.0-17",
"product": {
"name": "azl3 containerized-data-importer 1.57.0-17",
"product_id": "20709"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 containerized-data-importer 1.55.0-26",
"product": {
"name": "\u003ccbl2 containerized-data-importer 1.55.0-26",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "cbl2 containerized-data-importer 1.55.0-26",
"product": {
"name": "cbl2 containerized-data-importer 1.55.0-26",
"product_id": "20699"
}
}
],
"category": "product_name",
"name": "containerized-data-importer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 dcos-cli 1.2.0-19",
"product": {
"name": "\u003cazl3 dcos-cli 1.2.0-19",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 dcos-cli 1.2.0-19",
"product": {
"name": "azl3 dcos-cli 1.2.0-19",
"product_id": "20710"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 dcos-cli 1.2.0-22",
"product": {
"name": "\u003ccbl2 dcos-cli 1.2.0-22",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "cbl2 dcos-cli 1.2.0-22",
"product": {
"name": "cbl2 dcos-cli 1.2.0-22",
"product_id": "20716"
}
}
],
"category": "product_name",
"name": "dcos-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 flannel 0.24.2-21",
"product": {
"name": "\u003cazl3 flannel 0.24.2-21",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "azl3 flannel 0.24.2-21",
"product": {
"name": "azl3 flannel 0.24.2-21",
"product_id": "20711"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 flannel 0.14.0-26",
"product": {
"name": "\u003ccbl2 flannel 0.14.0-26",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "cbl2 flannel 0.14.0-26",
"product": {
"name": "cbl2 flannel 0.14.0-26",
"product_id": "20717"
}
}
],
"category": "product_name",
"name": "flannel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kata-containers 3.19.1.kata2-2",
"product": {
"name": "azl3 kata-containers 3.19.1.kata2-2",
"product_id": "12"
}
},
{
"category": "product_version_range",
"name": "cbl2 kata-containers 3.2.0.azl2-7",
"product": {
"name": "cbl2 kata-containers 3.2.0.azl2-7",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "kata-containers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kata-containers-cc 3.15.0.aks0-5",
"product": {
"name": "azl3 kata-containers-cc 3.15.0.aks0-5",
"product_id": "21"
}
},
{
"category": "product_version_range",
"name": "cbl2 kata-containers-cc 3.2.0.azl2-8",
"product": {
"name": "cbl2 kata-containers-cc 3.2.0.azl2-8",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "kata-containers-cc"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cert-manager 1.11.2-24",
"product": {
"name": "\u003ccbl2 cert-manager 1.11.2-24",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "cbl2 cert-manager 1.11.2-24",
"product": {
"name": "cbl2 cert-manager 1.11.2-24",
"product_id": "20381"
}
}
],
"category": "product_name",
"name": "cert-manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cf-cli 8.4.0-25",
"product": {
"name": "\u003ccbl2 cf-cli 8.4.0-25",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "cbl2 cf-cli 8.4.0-25",
"product": {
"name": "cbl2 cf-cli 8.4.0-25",
"product_id": "20714"
}
}
],
"category": "product_name",
"name": "cf-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cri-o 1.22.3-17",
"product": {
"name": "\u003ccbl2 cri-o 1.22.3-17",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "cbl2 cri-o 1.22.3-17",
"product": {
"name": "cbl2 cri-o 1.22.3-17",
"product_id": "20700"
}
}
],
"category": "product_name",
"name": "cri-o"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 jx 3.2.236-23",
"product": {
"name": "\u003ccbl2 jx 3.2.236-23",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "cbl2 jx 3.2.236-23",
"product": {
"name": "cbl2 jx 3.2.236-23",
"product_id": "20537"
}
}
],
"category": "product_name",
"name": "jx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kube-vip-cloud-provider 0.0.2-23",
"product": {
"name": "\u003ccbl2 kube-vip-cloud-provider 0.0.2-23",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "cbl2 kube-vip-cloud-provider 0.0.2-23",
"product": {
"name": "cbl2 kube-vip-cloud-provider 0.0.2-23",
"product_id": "20718"
}
}
],
"category": "product_name",
"name": "kube-vip-cloud-provider"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-31",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-31",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-31",
"product": {
"name": "cbl2 kubevirt 0.59.0-31",
"product_id": "20703"
}
}
],
"category": "product_name",
"name": "kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 local-path-provisioner 0.0.21-19",
"product": {
"name": "\u003ccbl2 local-path-provisioner 0.0.21-19",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 local-path-provisioner 0.0.21-19",
"product": {
"name": "cbl2 local-path-provisioner 0.0.21-19",
"product_id": "20719"
}
}
],
"category": "product_name",
"name": "local-path-provisioner"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-buildx 0.7.1-26",
"product": {
"name": "\u003ccbl2 moby-buildx 0.7.1-26",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 moby-buildx 0.7.1-26",
"product": {
"name": "cbl2 moby-buildx 0.7.1-26",
"product_id": "20720"
}
}
],
"category": "product_name",
"name": "moby-buildx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-compose 2.17.3-12",
"product": {
"name": "\u003ccbl2 moby-compose 2.17.3-12",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 moby-compose 2.17.3-12",
"product": {
"name": "cbl2 moby-compose 2.17.3-12",
"product_id": "20721"
}
}
],
"category": "product_name",
"name": "moby-compose"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 prometheus 2.37.9-5",
"product": {
"name": "\u003ccbl2 prometheus 2.37.9-5",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "cbl2 prometheus 2.37.9-5",
"product": {
"name": "cbl2 prometheus 2.37.9-5",
"product_id": "20372"
}
}
],
"category": "product_name",
"name": "prometheus"
},
{
"category": "product_name",
"name": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "azl3 libcontainers-common 20240213-3",
"product_id": "30"
}
},
{
"category": "product_name",
"name": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "cbl2 libcontainers-common 20210626-7",
"product_id": "28"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 influxdb 2.6.1-27 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 influxdb 2.6.1-27 as a component of CBL Mariner 2.0",
"product_id": "20770-17086"
},
"product_reference": "20770",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubernetes 1.28.4-21 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubernetes 1.28.4-21 as a component of CBL Mariner 2.0",
"product_id": "20769-17086"
},
"product_reference": "20769",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cni-plugins 1.4.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-29"
},
"product_reference": "29",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cni-plugins 1.4.0-3 as a component of Azure Linux 3.0",
"product_id": "19348-17084"
},
"product_reference": "19348",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-17 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerized-data-importer 1.57.0-17 as a component of Azure Linux 3.0",
"product_id": "20709-17084"
},
"product_reference": "20709",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 dcos-cli 1.2.0-19 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 dcos-cli 1.2.0-19 as a component of Azure Linux 3.0",
"product_id": "20710-17084"
},
"product_reference": "20710",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 flannel 0.24.2-21 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 flannel 0.24.2-21 as a component of Azure Linux 3.0",
"product_id": "20711-17084"
},
"product_reference": "20711",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 influxdb 2.7.5-8 as a component of Azure Linux 3.0",
"product_id": "17084-27"
},
"product_reference": "27",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 influxdb 2.7.5-8 as a component of Azure Linux 3.0",
"product_id": "20079-17084"
},
"product_reference": "20079",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kata-containers 3.19.1.kata2-2 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kata-containers-cc 3.15.0.aks0-5 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 1.30.10-16 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 1.30.10-16 as a component of Azure Linux 3.0",
"product_id": "20713-17084"
},
"product_reference": "20713",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libcontainers-common 20240213-3 as a component of Azure Linux 3.0",
"product_id": "17084-30"
},
"product_reference": "30",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cert-manager 1.11.2-24 as a component of CBL Mariner 2.0",
"product_id": "17086-24"
},
"product_reference": "24",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cert-manager 1.11.2-24 as a component of CBL Mariner 2.0",
"product_id": "20381-17086"
},
"product_reference": "20381",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cf-cli 8.4.0-25 as a component of CBL Mariner 2.0",
"product_id": "17086-10"
},
"product_reference": "10",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cf-cli 8.4.0-25 as a component of CBL Mariner 2.0",
"product_id": "20714-17086"
},
"product_reference": "20714",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cni-plugins 1.3.0-9 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cni-plugins 1.3.0-9 as a component of CBL Mariner 2.0",
"product_id": "20715-17086"
},
"product_reference": "20715",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 containerized-data-importer 1.55.0-26 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 containerized-data-importer 1.55.0-26 as a component of CBL Mariner 2.0",
"product_id": "20699-17086"
},
"product_reference": "20699",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cri-o 1.22.3-17 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cri-o 1.22.3-17 as a component of CBL Mariner 2.0",
"product_id": "20700-17086"
},
"product_reference": "20700",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 dcos-cli 1.2.0-22 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 dcos-cli 1.2.0-22 as a component of CBL Mariner 2.0",
"product_id": "20716-17086"
},
"product_reference": "20716",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 flannel 0.14.0-26 as a component of CBL Mariner 2.0",
"product_id": "17086-7"
},
"product_reference": "7",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 flannel 0.14.0-26 as a component of CBL Mariner 2.0",
"product_id": "20717-17086"
},
"product_reference": "20717",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 influxdb 2.6.1-24 as a component of CBL Mariner 2.0",
"product_id": "17086-20"
},
"product_reference": "20",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 influxdb 2.6.1-24 as a component of CBL Mariner 2.0",
"product_id": "20520-17086"
},
"product_reference": "20520",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 jx 3.2.236-23 as a component of CBL Mariner 2.0",
"product_id": "17086-19"
},
"product_reference": "19",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 jx 3.2.236-23 as a component of CBL Mariner 2.0",
"product_id": "20537-17086"
},
"product_reference": "20537",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kata-containers 3.2.0.azl2-7 as a component of CBL Mariner 2.0",
"product_id": "17086-23"
},
"product_reference": "23",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kata-containers-cc 3.2.0.azl2-8 as a component of CBL Mariner 2.0",
"product_id": "17086-22"
},
"product_reference": "22",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kube-vip-cloud-provider 0.0.2-23 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kube-vip-cloud-provider 0.0.2-23 as a component of CBL Mariner 2.0",
"product_id": "20718-17086"
},
"product_reference": "20718",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubernetes 1.28.4-19 as a component of CBL Mariner 2.0",
"product_id": "17086-26"
},
"product_reference": "26",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubernetes 1.28.4-19 as a component of CBL Mariner 2.0",
"product_id": "20364-17086"
},
"product_reference": "20364",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-31 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-31 as a component of CBL Mariner 2.0",
"product_id": "20703-17086"
},
"product_reference": "20703",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libcontainers-common 20210626-7 as a component of CBL Mariner 2.0",
"product_id": "17086-28"
},
"product_reference": "28",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 local-path-provisioner 0.0.21-19 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 local-path-provisioner 0.0.21-19 as a component of CBL Mariner 2.0",
"product_id": "20719-17086"
},
"product_reference": "20719",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-buildx 0.7.1-26 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-buildx 0.7.1-26 as a component of CBL Mariner 2.0",
"product_id": "20720-17086"
},
"product_reference": "20720",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-compose 2.17.3-12 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-compose 2.17.3-12 as a component of CBL Mariner 2.0",
"product_id": "20721-17086"
},
"product_reference": "20721",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 prometheus 2.37.9-5 as a component of CBL Mariner 2.0",
"product_id": "17086-25"
},
"product_reference": "25",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 prometheus 2.37.9-5 as a component of CBL Mariner 2.0",
"product_id": "20372-17086"
},
"product_reference": "20372",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-65637",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-30",
"17086-28"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20770-17086",
"20769-17086",
"19348-17084",
"20709-17084",
"20710-17084",
"20711-17084",
"20079-17084",
"20713-17084",
"20381-17086",
"20714-17086",
"20715-17086",
"20699-17086",
"20700-17086",
"20716-17086",
"20717-17086",
"20520-17086",
"20537-17086",
"20718-17086",
"20364-17086",
"20703-17086",
"20719-17086",
"20720-17086",
"20721-17086",
"20372-17086"
],
"known_affected": [
"17086-1",
"17086-2",
"17084-29",
"17084-15",
"17084-14",
"17084-13",
"17084-27",
"17084-12",
"17084-21",
"17084-11",
"17086-24",
"17086-10",
"17086-9",
"17086-18",
"17086-17",
"17086-8",
"17086-7",
"17086-20",
"17086-19",
"17086-23",
"17086-22",
"17086-6",
"17086-26",
"17086-16",
"17086-5",
"17086-4",
"17086-3",
"17086-25"
],
"known_not_affected": [
"17084-30",
"17086-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-65637.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-12-07T01:03:21.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-12"
]
},
{
"category": "none_available",
"date": "2025-12-07T01:03:21.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-21"
]
},
{
"category": "none_available",
"date": "2025-12-07T01:03:21.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-23"
]
},
{
"category": "none_available",
"date": "2025-12-07T01:03:21.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-22"
]
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "2.6.1-25:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1",
"17086-20"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.28.4-21:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2",
"17086-26"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.4.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-29"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.57.0-18:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-15"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.2.0-20:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.24.2-22:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "2.7.5-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-27"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.30.10-17:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-11"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.11.2-25:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-24"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "8.4.0-26:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.3.0-10:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.55.0-27:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-18"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.22.3-18:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "1.2.0-23:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.14.0-27:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "3.2.236-24:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-19"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.0.2-24:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.59.0-32:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-16"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.0.21-20:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "0.7.1-27:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "2.17.3-13:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-07T01:03:21.000Z",
"details": "2.37.9-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-25"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-1",
"17086-2",
"17084-29",
"17084-15",
"17084-14",
"17084-13",
"17084-27",
"17084-12",
"17084-21",
"17084-11",
"17086-24",
"17086-10",
"17086-9",
"17086-18",
"17086-17",
"17086-8",
"17086-7",
"17086-20",
"17086-19",
"17086-23",
"17086-22",
"17086-6",
"17086-26",
"17086-16",
"17086-5",
"17086-4",
"17086-3",
"17086-25"
]
}
],
"title": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters."
}
]
}
FKIE_CVE-2025-65637
Vulnerability from fkie_nvd - Published: 2025-12-04 19:16 - Updated: 2025-12-23 00:26
Severity ?
Summary
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/mjuanxd/logrus-dos-poc | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/sirupsen/logrus/issues/1370 | Exploit, Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/sirupsen/logrus/pull/1376 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/sirupsen/logrus/releases/tag/v1.8.3 | Release Notes | |
| cve@mitre.org | https://github.com/sirupsen/logrus/releases/tag/v1.9.1 | Release Notes | |
| cve@mitre.org | https://github.com/sirupsen/logrus/releases/tag/v1.9.3 | Release Notes | |
| cve@mitre.org | https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| turbopuffer | logrus | * | |
| turbopuffer | logrus | 1.9.0 | |
| turbopuffer | logrus | 1.9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:turbopuffer:logrus:*:*:*:*:*:go:*:*",
"matchCriteriaId": "B302F48C-A8EA-4FAB-B151-F8492365896C",
"versionEndExcluding": "1.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:turbopuffer:logrus:1.9.0:*:*:*:*:go:*:*",
"matchCriteriaId": "25373732-88E0-4824-B243-9C1E82608B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:turbopuffer:logrus:1.9.2:*:*:*:*:go:*:*",
"matchCriteriaId": "E59CDE4C-3669-4EA6-AA2D-9BE99FDEC497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged."
}
],
"id": "CVE-2025-65637",
"lastModified": "2025-12-23T00:26:00.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-04T19:16:05.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mjuanxd/logrus-dos-poc"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/sirupsen/logrus/issues/1370"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/sirupsen/logrus/pull/1376"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-4F99-4Q7P-P3GH
Vulnerability from github – Published: 2025-12-04 21:31 – Updated: 2025-12-05 02:27
VLAI?
Summary
Logrus is vulnerable to DoS when using Entry.Writer()
Details
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/sirupsen/logrus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/sirupsen/logrus"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.0"
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/sirupsen/logrus"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.2"
},
{
"fixed": "1.9.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.2"
]
}
],
"aliases": [
"CVE-2025-65637"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-05T02:27:47Z",
"nvd_published_at": "2025-12-04T19:16:05Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.",
"id": "GHSA-4f99-4q7p-p3gh",
"modified": "2025-12-05T02:27:47Z",
"published": "2025-12-04T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65637"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/issues/1370"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/pull/1376"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7"
},
{
"type": "WEB",
"url": "https://github.com/mjuanxd/logrus-dos-poc"
},
{
"type": "WEB",
"url": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/sirupsen/logrus"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1"
},
{
"type": "WEB",
"url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Logrus is vulnerable to DoS when using Entry.Writer()"
}
CERTFR-2025-AVI-1082
Vulnerability from certfr_avis - Published: 2025-12-09 - Updated: 2025-12-09
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cni-plugins 1.3.0-9 | ||
| Microsoft | N/A | cbl2 cf-cli 8.4.0-25 | ||
| Microsoft | N/A | cbl2 kube-vip-cloud-provider 0.0.2-23 | ||
| Microsoft | N/A | azl3 httpd 2.4.65-1 | ||
| Microsoft | N/A | azl3 cni-plugins 1.4.0-3 | ||
| Microsoft | N/A | azl3 kata-containers-cc 3.15.0.aks0-5 | ||
| Microsoft | N/A | cbl2 dcos-cli 1.2.0-22 | ||
| Microsoft | N/A | cbl2 jx 3.2.236-23 | ||
| Microsoft | N/A | cbl2 cert-manager 1.11.2-24 | ||
| Microsoft | N/A | azl3 dcos-cli 1.2.0-19 | ||
| Microsoft | N/A | azl3 kubernetes 1.30.10-16 | ||
| Microsoft | N/A | azl3 flannel 0.24.2-21 | ||
| Microsoft | N/A | azl3 kernel 6.6.112.1-2 | ||
| Microsoft | N/A | cbl2 influxdb 2.6.1-24 | ||
| Microsoft | N/A | cbl2 containerized-data-importer 1.55.0-26 | ||
| Microsoft | N/A | azl3 kernel 6.6.117.1-1 | ||
| Microsoft | N/A | cbl2 flannel 0.14.0-26 | ||
| Microsoft | N/A | cbl2 libcontainers-common 20210626-7 | ||
| Microsoft | N/A | cbl2 kata-containers-cc 3.2.0.azl2-8 | ||
| Microsoft | N/A | azl3 containerized-data-importer 1.57.0-17 | ||
| Microsoft | N/A | cbl2 kubevirt 0.59.0-31 | ||
| Microsoft | N/A | cbl2 moby-compose 2.17.3-12 | ||
| Microsoft | N/A | cbl2 cri-o 1.22.3-17 | ||
| Microsoft | N/A | cbl2 httpd 2.4.65-1 | ||
| Microsoft | N/A | azl3 kata-containers 3.19.1.kata2-2 | ||
| Microsoft | N/A | cbl2 kubernetes 1.28.4-19 | ||
| Microsoft | N/A | cbl2 moby-buildx 0.7.1-26 | ||
| Microsoft | N/A | cbl2 local-path-provisioner 0.0.21-19 | ||
| Microsoft | N/A | cbl2 prometheus 2.37.9-5 | ||
| Microsoft | N/A | azl3 influxdb 2.7.5-8 | ||
| Microsoft | N/A | cbl2 kata-containers 3.2.0.azl2-7 | ||
| Microsoft | N/A | azl3 libcontainers-common 20240213-3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cni-plugins 1.3.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cf-cli 8.4.0-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kube-vip-cloud-provider 0.0.2-23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 httpd 2.4.65-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cni-plugins 1.4.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kata-containers-cc 3.15.0.aks0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 dcos-cli 1.2.0-22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 jx 3.2.236-23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cert-manager 1.11.2-24",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 dcos-cli 1.2.0-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubernetes 1.30.10-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 flannel 0.24.2-21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.112.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 influxdb 2.6.1-24",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 containerized-data-importer 1.55.0-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 flannel 0.14.0-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kata-containers-cc 3.2.0.azl2-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 containerized-data-importer 1.57.0-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-compose 2.17.3-12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cri-o 1.22.3-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 httpd 2.4.65-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kata-containers 3.19.1.kata2-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubernetes 1.28.4-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-buildx 0.7.1-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 local-path-provisioner 0.0.21-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 prometheus 2.37.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 influxdb 2.7.5-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kata-containers 3.2.0.azl2-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40273"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2025-40287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40287"
},
{
"name": "CVE-2025-40294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40294"
},
{
"name": "CVE-2025-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40308"
},
{
"name": "CVE-2025-40311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40311"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2025-40277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40277"
},
{
"name": "CVE-2025-40272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40272"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-40289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40289"
},
{
"name": "CVE-2025-40292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40292"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2025-40279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40279"
},
{
"name": "CVE-2023-53749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53749"
},
{
"name": "CVE-2025-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40283"
},
{
"name": "CVE-2025-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40324"
},
{
"name": "CVE-2025-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40321"
},
{
"name": "CVE-2025-40282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40282"
},
{
"name": "CVE-2025-40301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40301"
},
{
"name": "CVE-2025-40310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40310"
},
{
"name": "CVE-2025-40280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40280"
},
{
"name": "CVE-2025-40284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40284"
},
{
"name": "CVE-2025-40305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40305"
},
{
"name": "CVE-2025-40297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40297"
},
{
"name": "CVE-2025-40288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40288"
},
{
"name": "CVE-2025-40281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40281"
},
{
"name": "CVE-2025-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40304"
},
{
"name": "CVE-2025-40268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40268"
},
{
"name": "CVE-2025-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40303"
},
{
"name": "CVE-2025-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40323"
},
{
"name": "CVE-2025-40275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40275"
},
{
"name": "CVE-2025-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40319"
}
],
"initial_release_date": "2025-12-09T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1082",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40275",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40275"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40319"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40280",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40280"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40304"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40301",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40301"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40272",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40272"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40269",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40269"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40277",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40277"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65082",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65082"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40284",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40284"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40292"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65637",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65637"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40294",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40294"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40297",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40297"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40311",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40311"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40303"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53749",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53749"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59775"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40310",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40310"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40281",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40281"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40308",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40308"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40283",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40283"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40323",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40323"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40279",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40279"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40305",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40305"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40288",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40288"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40273",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40273"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40268"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40324"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40289",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40289"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40322",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40322"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40282",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40282"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40321"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66200",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66200"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40287",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40287"
}
]
}
CERTFR-2025-AVI-1082
Vulnerability from certfr_avis - Published: 2025-12-09 - Updated: 2025-12-09
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cni-plugins 1.3.0-9 | ||
| Microsoft | N/A | cbl2 cf-cli 8.4.0-25 | ||
| Microsoft | N/A | cbl2 kube-vip-cloud-provider 0.0.2-23 | ||
| Microsoft | N/A | azl3 httpd 2.4.65-1 | ||
| Microsoft | N/A | azl3 cni-plugins 1.4.0-3 | ||
| Microsoft | N/A | azl3 kata-containers-cc 3.15.0.aks0-5 | ||
| Microsoft | N/A | cbl2 dcos-cli 1.2.0-22 | ||
| Microsoft | N/A | cbl2 jx 3.2.236-23 | ||
| Microsoft | N/A | cbl2 cert-manager 1.11.2-24 | ||
| Microsoft | N/A | azl3 dcos-cli 1.2.0-19 | ||
| Microsoft | N/A | azl3 kubernetes 1.30.10-16 | ||
| Microsoft | N/A | azl3 flannel 0.24.2-21 | ||
| Microsoft | N/A | azl3 kernel 6.6.112.1-2 | ||
| Microsoft | N/A | cbl2 influxdb 2.6.1-24 | ||
| Microsoft | N/A | cbl2 containerized-data-importer 1.55.0-26 | ||
| Microsoft | N/A | azl3 kernel 6.6.117.1-1 | ||
| Microsoft | N/A | cbl2 flannel 0.14.0-26 | ||
| Microsoft | N/A | cbl2 libcontainers-common 20210626-7 | ||
| Microsoft | N/A | cbl2 kata-containers-cc 3.2.0.azl2-8 | ||
| Microsoft | N/A | azl3 containerized-data-importer 1.57.0-17 | ||
| Microsoft | N/A | cbl2 kubevirt 0.59.0-31 | ||
| Microsoft | N/A | cbl2 moby-compose 2.17.3-12 | ||
| Microsoft | N/A | cbl2 cri-o 1.22.3-17 | ||
| Microsoft | N/A | cbl2 httpd 2.4.65-1 | ||
| Microsoft | N/A | azl3 kata-containers 3.19.1.kata2-2 | ||
| Microsoft | N/A | cbl2 kubernetes 1.28.4-19 | ||
| Microsoft | N/A | cbl2 moby-buildx 0.7.1-26 | ||
| Microsoft | N/A | cbl2 local-path-provisioner 0.0.21-19 | ||
| Microsoft | N/A | cbl2 prometheus 2.37.9-5 | ||
| Microsoft | N/A | azl3 influxdb 2.7.5-8 | ||
| Microsoft | N/A | cbl2 kata-containers 3.2.0.azl2-7 | ||
| Microsoft | N/A | azl3 libcontainers-common 20240213-3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cni-plugins 1.3.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cf-cli 8.4.0-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kube-vip-cloud-provider 0.0.2-23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 httpd 2.4.65-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cni-plugins 1.4.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kata-containers-cc 3.15.0.aks0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 dcos-cli 1.2.0-22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 jx 3.2.236-23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cert-manager 1.11.2-24",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 dcos-cli 1.2.0-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubernetes 1.30.10-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 flannel 0.24.2-21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.112.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 influxdb 2.6.1-24",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 containerized-data-importer 1.55.0-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 flannel 0.14.0-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kata-containers-cc 3.2.0.azl2-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 containerized-data-importer 1.57.0-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-compose 2.17.3-12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cri-o 1.22.3-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 httpd 2.4.65-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kata-containers 3.19.1.kata2-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubernetes 1.28.4-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-buildx 0.7.1-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 local-path-provisioner 0.0.21-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 prometheus 2.37.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 influxdb 2.7.5-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kata-containers 3.2.0.azl2-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40273"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2025-40287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40287"
},
{
"name": "CVE-2025-40294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40294"
},
{
"name": "CVE-2025-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40308"
},
{
"name": "CVE-2025-40311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40311"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2025-40277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40277"
},
{
"name": "CVE-2025-40272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40272"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-40289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40289"
},
{
"name": "CVE-2025-40292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40292"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2025-40279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40279"
},
{
"name": "CVE-2023-53749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53749"
},
{
"name": "CVE-2025-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40283"
},
{
"name": "CVE-2025-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40324"
},
{
"name": "CVE-2025-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40321"
},
{
"name": "CVE-2025-40282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40282"
},
{
"name": "CVE-2025-40301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40301"
},
{
"name": "CVE-2025-40310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40310"
},
{
"name": "CVE-2025-40280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40280"
},
{
"name": "CVE-2025-40284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40284"
},
{
"name": "CVE-2025-40305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40305"
},
{
"name": "CVE-2025-40297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40297"
},
{
"name": "CVE-2025-40288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40288"
},
{
"name": "CVE-2025-40281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40281"
},
{
"name": "CVE-2025-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40304"
},
{
"name": "CVE-2025-40268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40268"
},
{
"name": "CVE-2025-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40303"
},
{
"name": "CVE-2025-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40323"
},
{
"name": "CVE-2025-40275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40275"
},
{
"name": "CVE-2025-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40319"
}
],
"initial_release_date": "2025-12-09T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1082",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40275",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40275"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40319"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40280",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40280"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40304"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40301",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40301"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40272",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40272"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40269",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40269"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40277",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40277"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65082",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65082"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40284",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40284"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40292"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65637",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65637"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40294",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40294"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40297",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40297"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40311",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40311"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40303"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53749",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53749"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59775"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40310",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40310"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40281",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40281"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40308",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40308"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40283",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40283"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40323",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40323"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40279",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40279"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40305",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40305"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40288",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40288"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40273",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40273"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40268"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40324"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40289",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40289"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40322",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40322"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40282",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40282"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40321"
},
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66200",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66200"
},
{
"published_at": "2025-12-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40287",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40287"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…