cnvd - cnvd-2025-14216

cnvd-2025-14216

Vulnerability from cnvd

Title

Red Hat Connectivity Link资源管理错误漏洞

Description

Red Hat Connectivity Link是美国红帽（Red Hat）公司的一个Kubernetes网络连接管理平台。 Red Hat Connectivity Link存在资源管理错误漏洞，攻击者可利用该漏洞导致Authorino服务崩溃。

Severity

中

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://access.redhat.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-25208

Impacted products

Name
Red Hat Red Hat Connectivity Link

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-25208",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-25208"
    }
  },
  "description": "Red Hat Connectivity Link\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u4e2aKubernetes\u7f51\u7edc\u8fde\u63a5\u7ba1\u7406\u5e73\u53f0\u3002\n\nRed Hat Connectivity Link\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4Authorino\u670d\u52a1\u5d29\u6e83\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://access.redhat.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-14216",
  "openTime": "2025-06-27",
  "products": {
    "product": "Red Hat Red Hat Connectivity Link"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-25208",
  "serverity": "\u4e2d",
  "submitTime": "2025-06-23",
  "title": "Red Hat Connectivity Link\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2025-25208 (GCVE-0-2025-25208)

Vulnerability from cvelistv5

Published

2025-06-09 06:13

Modified

2025-08-30 23:26

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2025-25208	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2347436	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 1.0.1 ≤

Red Hat Connectivity Link 1

cpe:/a:redhat:connectivity_link:1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25208",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T18:08:24.170293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T18:08:33.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
          "defaultStatus": "unknown",
          "packageName": "rhcl-operator-container",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:connectivity_link:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcl-operator-container",
          "product": "Red Hat Connectivity Link 1",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-30T23:26:57.462Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-25208"
        },
        {
          "name": "RHBZ#2347436",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-24T23:33:58.746000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-24T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity",
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-25208",
    "datePublished": "2025-06-09T06:13:03.864Z",
    "dateReserved": "2025-02-03T20:02:01.750Z",
    "dateUpdated": "2025-08-30T23:26:57.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.