rhsa-2025:14886
Vulnerability from csaf_redhat
Published
2025-08-28 15:21
Modified
2025-11-08 07:17
Summary
Red Hat Security Advisory: Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0
Notes
Topic
Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0
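This update has a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Note that the CSAF document below records an aggregate severity of Moderate and a CVSS 3.1 base score of 5.4 (Medium) for CVE-2025-7783, so the "important" wording here does not match the machine-readable rating.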
Details
Kiali 2.4.8, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage the mesh efficiently.
Security Fix(es):
* openshift-service-mesh/kiali-ossmc-rhel9: Unsafe random function in form-data (CVE-2025-7783)
* openshift-service-mesh/kiali-rhel9: Unsafe random function in form-data (CVE-2025-7783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0\nThis update has a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.8, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\nSecurity Fix(es):\n* openshift-service-mesh/kiali-ossmc-rhel9: Unsafe random function in form-data (CVE-2025-7783)\n* openshift-service-mesh/kiali-rhel9: Unsafe random function in form-data (CVE-2025-7783)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14886",
"url": "https://access.redhat.com/errata/RHSA-2025:14886"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14886.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2025-11-08T07:17:50+00:00",
"generator": {
"date": "2025-11-08T07:17:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:14886",
"initial_release_date": "2025-08-28T15:21:16+00:00",
"revision_history": [
{
"date": "2025-08-28T15:21:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T15:21:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T07:17:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131770"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131683"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131770"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131683"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131770"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131683"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131770"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Abdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.8-1756131683"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-07-18T17:00:43.396637+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: Unsafe random function in form-data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "RHBZ#2381959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"release_date": "2025-07-18T16:34:44.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T15:21:16+00:00",
"details": "See Kiali 2.4.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14886"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:093203f2be42842350588579d8fa40c3b4ada5947fddbcdac0c018f60914c9fb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:13fcd38bda6176f85e1d9347d5c6258ffa6cf64c20ffb49c6f8a15fc3c40c92b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4afa3f730b28beaaa4c9c84752c1f4f2596f3ee59c495c5adbde1b87c373a4ef_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:bdcb0163e2c6d05c221723129b0b88d72307490dabf97ddd1e1898837362d86e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:01b914135cc54eb935dd9329bc813a273abbb93215c97e3cc189bf1972a22bb5_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:731e415aff818b9437db790b7f4808230127ef44fff6a63c2fc5fd12abd98ac2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7633b215318384e968c107e5428e670159fd4b1c875221558fd4aa7dee98718e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f22f0adbf0daee6c3f8cab787f09a902d1db1fa14db732930290859d337e90c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "form-data: Unsafe random function in form-data"
}
]
}