csaf_redhat - rhsa-2025:19088

rhsa-2025:19088

Vulnerability from csaf_redhat

Published

2025-10-23 19:26

Modified

2025-10-23 19:29

Summary

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

Notes

Topic

A Subscription Management tool for finding and reporting Red Hat product usage

Details

Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Subscription Management tool for finding and reporting Red Hat product usage",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:19088",
        "url": "https://access.redhat.com/errata/RHSA-2025:19088"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-32988",
        "url": "https://access.redhat.com/security/cve/CVE-2025-32988"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-32989",
        "url": "https://access.redhat.com/security/cve/CVE-2025-32989"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-32990",
        "url": "https://access.redhat.com/security/cve/CVE-2025-32990"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-53905",
        "url": "https://access.redhat.com/security/cve/CVE-2025-53905"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-53906",
        "url": "https://access.redhat.com/security/cve/CVE-2025-53906"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6395",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6395"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
        "url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19088.json"
      }
    ],
    "title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
    "tracking": {
      "current_release_date": "2025-10-23T19:29:34+00:00",
      "generator": {
        "date": "2025-10-23T19:29:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:19088",
      "initial_release_date": "2025-10-23T19:26:05+00:00",
      "revision_history": [
        {
          "date": "2025-10-23T19:26:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-23T19:26:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-23T19:29:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Discovery 2",
                "product": {
                  "name": "Red Hat Discovery 2",
                  "product_id": "Red Hat Discovery 2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3A54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760553895"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760554384"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3Af4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760553895"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.3.0-1760554384"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-6395",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2025-07-07T09:30:13.037000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2376755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6395"
        },
        {
          "category": "external",
          "summary": "RHBZ#2376755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395"
        }
      ],
      "release_date": "2025-07-10T07:56:53.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()"
    },
    {
      "cve": "CVE-2025-32988",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "discovery_date": "2025-04-15T01:21:36.833000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359622"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: Vulnerability in GnuTLS otherName SAN export",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32988"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359622",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988"
        }
      ],
      "release_date": "2025-07-10T07:55:14.310000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: Vulnerability in GnuTLS otherName SAN export"
    },
    {
      "cve": "CVE-2025-32989",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2025-04-15T01:21:36.512000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359621"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: Vulnerability in GnuTLS SCT extension parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32989"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359621",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989"
        }
      ],
      "release_date": "2025-07-10T07:54:13.541000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: Vulnerability in GnuTLS SCT extension parsing"
    },
    {
      "cve": "CVE-2025-32990",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2025-04-15T01:21:36.656000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2359620"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: Vulnerability in GnuTLS certtool template parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-32990"
        },
        {
          "category": "external",
          "summary": "RHBZ#2359620",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990"
        }
      ],
      "release_date": "2025-07-09T07:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: Vulnerability in GnuTLS certtool template parsing"
    },
    {
      "cve": "CVE-2025-53905",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-07-15T21:01:19.770241+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2380362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim path traversial",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-53905"
        },
        {
          "category": "external",
          "summary": "RHBZ#2380362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
          "url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
        }
      ],
      "release_date": "2025-07-15T20:48:34.764000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: Vim path traversial"
    },
    {
      "cve": "CVE-2025-53906",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-07-15T21:01:15.057182+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2380360"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: Vim path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-53906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2380360",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
          "url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
        }
      ],
      "release_date": "2025-07-15T20:52:40.137000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-23T19:26:05+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:54d0aab9e86766954949e7a5a11fb29b6b1c463ebb5ba0fb46b2d0f108753208_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f4f0ef1497a7cde32f6507f6805050a33ecb95b93bb7ad6bd0544edd3ef19af2_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: Vim path traversal"
    }
  ]
}

CVE-2025-6395 (GCVE-0-2025-6395)

Vulnerability from cvelistv5

Published

2025-07-10 15:20

Modified

2025-10-23 19:29

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16115	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16116	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17348	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17361	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17415	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19088	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-6395	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2376755	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.8.9-9.el10_0.14 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.7.6-21.el9_2.4 < * cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.8.3-4.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Discovery 2	Unaffected: sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65 < * cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T15:32:33.292878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T16:02:39.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnutls.org/",
          "defaultStatus": "unaffected",
          "packageName": "libgnutls",
          "versions": [
            {
              "lessThan": "3.8.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.9-9.el10_0.14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-4.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T07:56:53.029Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite()."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T19:29:04.149Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16115"
        },
        {
          "name": "RHSA-2025:16116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16116"
        },
        {
          "name": "RHSA-2025:17348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17348"
        },
        {
          "name": "RHSA-2025:17361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17361"
        },
        {
          "name": "RHSA-2025:17415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17415"
        },
        {
          "name": "RHSA-2025:19088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-6395"
        },
        {
          "name": "RHBZ#2376755",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-07T09:30:13.037000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T07:56:53.029000+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-6395",
    "datePublished": "2025-07-10T15:20:46.031Z",
    "dateReserved": "2025-06-20T06:26:20.649Z",
    "dateUpdated": "2025-10-23T19:29:04.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53905 (GCVE-0-2025-53905)

Vulnerability from cvelistv5

Published

2025-07-15 20:48

Modified

2025-07-18 14:42

Severity ?

4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Version: < 9.1.1552

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53905",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:42:54.590938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:42:58.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.1.1552"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u2019s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T20:48:34.764Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
        },
        {
          "name": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
        }
      ],
      "source": {
        "advisory": "GHSA-74v4-f3x9-ppvr",
        "discovery": "UNKNOWN"
      },
      "title": "Vim has path traversial issue with tar.vim and special crafted tar files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53905",
    "datePublished": "2025-07-15T20:48:34.764Z",
    "dateReserved": "2025-07-11T19:05:23.827Z",
    "dateUpdated": "2025-07-18T14:42:58.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32988 (GCVE-0-2025-32988)

Vulnerability from cvelistv5

Published

2025-07-10 08:04

Modified

2025-10-23 19:29

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-415 - Double Free

Summary

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16115	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16116	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17348	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17361	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17415	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19088	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32988	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359622	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.8.9-9.el10_0.14 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.7.6-21.el9_2.4 < * cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.8.3-4.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Discovery 2	Unaffected: sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65 < * cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T20:04:19.060060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T20:04:30.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnutls.org/",
          "defaultStatus": "unaffected",
          "packageName": "libgnutls",
          "versions": [
            {
              "lessThan": "3.8.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.9-9.el10_0.14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-4.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T07:55:14.310Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T19:29:16.602Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16115"
        },
        {
          "name": "RHSA-2025:16116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16116"
        },
        {
          "name": "RHSA-2025:17348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17348"
        },
        {
          "name": "RHSA-2025:17361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17361"
        },
        {
          "name": "RHSA-2025:17415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17415"
        },
        {
          "name": "RHSA-2025:19088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32988"
        },
        {
          "name": "RHBZ#2359622",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-15T01:21:36.833000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T07:55:14.310000+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: vulnerability in gnutls othername san export",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-415: Double Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32988",
    "datePublished": "2025-07-10T08:04:57.991Z",
    "dateReserved": "2025-04-15T01:31:12.104Z",
    "dateUpdated": "2025-10-23T19:29:16.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53906 (GCVE-0-2025-53906)

Vulnerability from cvelistv5

Published

2025-07-15 20:52

Modified

2025-07-18 14:44

Severity ?

4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.

References

URL

Tags

	https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86	x_refsource_CONFIRM
	https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vim	vim	Version: < 9.1.1551

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53906",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:44:21.730414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:44:25.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.1.1551"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u2019s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T20:52:40.137Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
        },
        {
          "name": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
        }
      ],
      "source": {
        "advisory": "GHSA-r2fw-9cw4-mj86",
        "discovery": "UNKNOWN"
      },
      "title": "Vim has path traversal issue with zip.vim and special crafted zip archives"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53906",
    "datePublished": "2025-07-15T20:52:40.137Z",
    "dateReserved": "2025-07-11T19:05:23.827Z",
    "dateUpdated": "2025-07-18T14:44:25.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32990 (GCVE-0-2025-32990)

Vulnerability from cvelistv5

Published

2025-07-10 09:41

Modified

2025-10-23 19:29

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16115	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16116	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17348	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17361	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17415	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19088	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32990	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359620	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.8.9-9.el10_0.14 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.6.16-8.el8_10.4 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.7.6-21.el9_2.4 < * cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.8.3-4.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Discovery 2	Unaffected: sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65 < * cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T14:06:53.044401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T14:08:18.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnutls.org/",
          "defaultStatus": "unaffected",
          "packageName": "libgnutls",
          "versions": [
            {
              "lessThan": "3.8.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.9-9.el10_0.14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_10.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-4.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T19:29:17.805Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16115"
        },
        {
          "name": "RHSA-2025:16116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16116"
        },
        {
          "name": "RHSA-2025:17348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17348"
        },
        {
          "name": "RHSA-2025:17361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17361"
        },
        {
          "name": "RHSA-2025:17415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17415"
        },
        {
          "name": "RHSA-2025:19088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32990"
        },
        {
          "name": "RHBZ#2359620",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-15T01:21:36.656000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-09T07:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: vulnerability in gnutls certtool template parsing",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32990",
    "datePublished": "2025-07-10T09:41:46.211Z",
    "dateReserved": "2025-04-15T01:31:12.104Z",
    "dateUpdated": "2025-10-23T19:29:17.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32989 (GCVE-0-2025-32989)

Vulnerability from cvelistv5

Published

2025-07-10 08:05

Modified

2025-10-23 19:29

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-295 - Improper Certificate Validation

Summary

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16115	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16116	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17348	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:17361	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19088	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-32989	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2359621	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.8.9-9.el10_0.14 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.8.3-6.el9_6.2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.7.6-21.el9_2.4 < * cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.8.3-4.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Discovery 2	Unaffected: sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65 < * cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T20:04:51.314429Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T20:06:49.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnutls.org/",
          "defaultStatus": "unaffected",
          "packageName": "libgnutls",
          "versions": [
            {
              "lessThan": "3.8.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.9-9.el10_0.14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-6.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.3-4.el9_4.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T07:54:13.541Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T19:29:14.230Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16115"
        },
        {
          "name": "RHSA-2025:16116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16116"
        },
        {
          "name": "RHSA-2025:17348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17348"
        },
        {
          "name": "RHSA-2025:17361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:17361"
        },
        {
          "name": "RHSA-2025:19088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19088"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-32989"
        },
        {
          "name": "RHBZ#2359621",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-15T01:21:36.512000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T07:54:13.541000+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: vulnerability in gnutls sct extension parsing",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-295: Improper Certificate Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-32989",
    "datePublished": "2025-07-10T08:05:26.307Z",
    "dateReserved": "2025-04-15T01:31:12.104Z",
    "dateUpdated": "2025-10-23T19:29:14.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:19088

Vulnerability from csaf_redhat

CVE-2025-6395 (GCVE-0-2025-6395)

Vulnerability from cvelistv5

CVE-2025-53905 (GCVE-0-2025-53905)

Vulnerability from cvelistv5

CVE-2025-32988 (GCVE-0-2025-32988)

Vulnerability from cvelistv5

CVE-2025-53906 (GCVE-0-2025-53906)

Vulnerability from cvelistv5

CVE-2025-32990 (GCVE-0-2025-32990)

Vulnerability from cvelistv5

CVE-2025-32989 (GCVE-0-2025-32989)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature