rhsa-2025:20066
Vulnerability from csaf_redhat
Published
2025-11-10 21:09
Modified
2025-11-24 21:04
Summary
Red Hat Security Advisory: Insights proxy Container Image
Notes
Topic
Initial GA Release of Red Hat Insights proxy
Details
The Insights proxy Container is used by the Insights proxy product RPM
and serves as an intermediary between customer systems in disconnected networks,
air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing
a layer of privacy and security for disconnected customer systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between customer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privacy and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:20066",
"url": "https://access.redhat.com/errata/RHSA-2025:20066"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53905",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53906",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_20066.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2025-11-24T21:04:29+00:00",
"generator": {
"date": "2025-11-24T21:04:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:20066",
"initial_release_date": "2025-11-10T21:09:13+00:00",
"revision_history": [
{
"date": "2025-11-10T21:09:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-10T21:09:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-24T21:04:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.8-1762789260"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ac02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.8-1762789260"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:19.770241+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380362"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "RHBZ#2380362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
"url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
"url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
}
],
"release_date": "2025-07-15T20:48:34.764000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T21:09:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversal"
},
{
"cve": "CVE-2025-53906",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:15.057182+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380360"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "RHBZ#2380360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
"url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
}
],
"release_date": "2025-07-15T20:52:40.137000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T21:09:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:940f62545101f5cb8799670b2e8b22c0169717ff976be0b7932d48f540048759_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:c02e59d4a674b377b9e8c45b92c652c864ecf8c06283d9d228dc3866fa76a622_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversal"
}
]
}