Vulnerability-Lookup

SUSE-SU-2026:1753-1

Vulnerability from csaf_suse - Published: 2026-05-07 13:54 - Updated: 2026-05-07 13:54

Summary

Security update for 389-ds

Severity

Important

Notes

Title of the patch: Security update for 389-ds

Description of the patch: This update for 389-ds fixes the following issues: Update to version 2.0.20~git89.937b1f291. Security issues fixed: - CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback (bsc#1258727). Other updates and bugfixes: - Issue 7224 - CI Test - Simplify `test_reserve_descriptor_validation` (#7225). - Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits. - Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180). - Issue 7172 - Index ordering mismatch after upgrade (#7173). - Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145). - Issue 7091 - Duplicate local password policy entries listed (#7092). - Issue 7124 - BDB cursor race condition with transaction isolation (#7125). - Issue 7121 - LeakSanitizer: various leaks during replication (#7122). - Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116). - Issue 7109 - AddressSanitizer: SEGV `ldap/servers/slapd/csnset.c:302` in `csnset_dup` (#7114). - Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes. - Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026). - Issue 7055 - Online initialization of consumers fails with error `-23` (#7075). - Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068). - Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036). - Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967). - Issue 6848 - AddressSanitizer: leak in `do_search`. - Issue 6928 - The `parentId` attribute is indexed with improper matching rule. - Issue 6933 - When deferred `memberof` update is enabled after the server crashed it should not launch memberof fixup task by default (#6935). - Issue 6929 - Compilation failure with `rust-1.89` on Fedora ELN. - Issue 6859 - `str2filter` is not fully applying matching rules. - Issue 6857 - `uiduniq`: allow specifying match rules in the filter. - Issue 6893 - Log user that is updated during password modify extended operation. - Issue 6680 - instance read-only mode is broken (#6681).

Patchnames: SUSE-2026-1753,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1753,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1753,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1753,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1753

CVE-2025-14905

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-updates/2026…	self
	https://bugzilla.suse.com/1258727	self
	https://www.suse.com/security/cve/CVE-2025-14905/	self
	https://www.suse.com/security/cve/CVE-2025-14905	external
	https://bugzilla.suse.com/1258727	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for 389-ds",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for 389-ds fixes the following issues:\n\nUpdate to version 2.0.20~git89.937b1f291.\n\nSecurity issues fixed:\n\n- CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback\n  (bsc#1258727).\n\nOther updates and bugfixes:\n\n- Issue 7224 - CI Test - Simplify `test_reserve_descriptor_validation` (#7225).\n- Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits.\n- Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180).\n- Issue 7172 - Index ordering mismatch after upgrade (#7173).\n- Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database\n  (#7145).\n- Issue 7091 - Duplicate local password policy entries listed (#7092).\n- Issue 7124 - BDB cursor race condition with transaction isolation (#7125).\n- Issue 7121 - LeakSanitizer: various leaks during replication (#7122).\n- Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116).\n- Issue 7109 - AddressSanitizer: SEGV `ldap/servers/slapd/csnset.c:302` in `csnset_dup` (#7114).\n- Issue 7056 - DSBLE0007 doesn\u0027t generate remediation steps for missing indexes.\n- Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026).\n- Issue 7055 - Online initialization of consumers fails with error `-23` (#7075).\n- Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068).\n- Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036).\n- Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967).\n- Issue 6848 - AddressSanitizer: leak in `do_search`.\n- Issue 6928 - The `parentId` attribute is indexed with improper matching rule.\n- Issue 6933 - When deferred `memberof` update is enabled after the server crashed it should not launch memberof fixup\n  task by default (#6935).\n- Issue 6929 - Compilation failure with `rust-1.89` on Fedora ELN.\n- Issue 6859 - `str2filter` is not fully applying matching rules.\n- Issue 6857 - `uiduniq`: allow specifying match rules in the filter.\n- Issue 6893 - Log user that is updated during password modify extended operation.\n- Issue 6680 - instance read-only mode is broken (#6681).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1753,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1753,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1753,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1753,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1753",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1753-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1753-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261753-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1753-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046310.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258727",
        "url": "https://bugzilla.suse.com/1258727"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-14905 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-14905/"
      }
    ],
    "title": "Security update for 389-ds",
    "tracking": {
      "current_release_date": "2026-05-07T13:54:14Z",
      "generator": {
        "date": "2026-05-07T13:54:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1753-1",
      "initial_release_date": "2026-05-07T13:54:14Z",
      "revision_history": [
        {
          "date": "2026-05-07T13:54:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                "product": {
                  "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                  "product_id": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                "product": {
                  "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                  "product_id": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                "product": {
                  "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                  "product_id": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                "product": {
                  "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                  "product_id": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                "product": {
                  "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
                  "product_id": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                "product": {
                  "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                  "product_id": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                "product": {
                  "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                  "product_id": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                "product": {
                  "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                  "product_id": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                "product": {
                  "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                  "product_id": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                "product": {
                  "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
                  "product_id": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                "product": {
                  "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                  "product_id": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                "product": {
                  "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                  "product_id": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                "product": {
                  "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                  "product_id": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                "product": {
                  "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                  "product_id": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                "product": {
                  "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
                  "product_id": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                "product": {
                  "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                  "product_id": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                "product": {
                  "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                  "product_id": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                "product": {
                  "name": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                  "product_id": "389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                "product": {
                  "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                  "product_id": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                "product": {
                  "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
                  "product_id": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        },
        "product_reference": "libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14905",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-14905"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-14905",
          "url": "https://www.suse.com/security/cve/CVE-2025-14905"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258727 for CVE-2025-14905",
          "url": "https://bugzilla.suse.com/1258727"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:lib389-2.0.20~git89.937b1f291-150400.3.48.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-07T13:54:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-14905"
    }
  ]
}

CVE-2025-14905 (GCVE-0-2025-14905)

Vulnerability from cvelistv5 – Published: 2026-02-23 15:41 – Updated: 2026-03-31 15:40

Title

389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

Summary

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:3189	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3208	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3379	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3504	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4207	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4661	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4720	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5196	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5511	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5512	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5513	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5514	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5568	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5569	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5576	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5597	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5598	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:6220	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:6268	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-14905	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2423624	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Directory Server 11.5 E4S for RHEL 8

Unaffected: 8060020260303152239.0ca98e7e , < * (rpm)
cpe:/a:redhat:directory_server_e4s:11.5::el8

Red Hat	Red Hat Directory Server 11.7 E4S for RHEL 8	Unaffected: 8080020260227193008.f969626e , < * (rpm) cpe:/a:redhat:directory_server_e4s:11.7::el8
Red Hat	Red Hat Directory Server 11.9 for RHEL 8	Unaffected: 8100020260312105752.37ed7c03 , < * (rpm) cpe:/a:redhat:directory_server:11.9::el8
Red Hat	Red Hat Directory Server 12.2 E4S for RHEL 9	Unaffected: 9020020260304180546.1674d574 , < * (rpm) cpe:/a:redhat:directory_server_e4s:12.2::el9
Red Hat	Red Hat Directory Server 12.4 EUS for RHEL 9	Unaffected: 9040020260225135630.1674d574 , < * (rpm) cpe:/a:redhat:directory_server_eus:12.4::el9
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.1.3-7.el10_1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:3.0.6-17.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:1.3.11.1-11.el7_9 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 8100020260312103235.25e700aa , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 8020020260303204738.dbc46ba7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 8040020260303172348.96015a92 , < * (rpm) cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 8040020260303172348.96015a92 , < * (rpm) cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 8080020260227183930.6dbb3803 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 8080020260227183930.6dbb3803 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.7.0-10.el9_7 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.0.14-5.el9_0 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.2.4-17.el9_2 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.4.5-24.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:2.6.1-20.el9_6 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Directory Server 13.1	Unaffected: sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 , < * (rpm) cpe:/a:redhat:directory_server:13.1::el10
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Directory Server 13	cpe:/a:redhat:directory_server:13
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Date Public ?

2026-02-23 00:00

Credits

This issue was discovered by Red Hat Security Research Team (Red Hat Inc.).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-23T18:49:43.028074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-23T18:54:27.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303152239.0ca98e7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.7::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.7 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227193008.f969626e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.9::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.9 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020260312105752.37ed7c03",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:12.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.2 E4S for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9020020260304180546.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_eus:12.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.4 EUS for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9040020260225135630.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.3-7.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.6-17.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.11.1-11.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020260312103235.25e700aa",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020260303204738.dbc46ba7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020260303172348.96015a92",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020260303172348.96015a92",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227183930.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227183930.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.7.0-10.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.14-5.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.4-17.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.5-24.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::crb",
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.1-20.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13.1::el10"
          ],
          "defaultStatus": "affected",
          "packageName": "dirsrv/dirsrv-container-rhel10",
          "product": "Red Hat Directory Server 13.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12/389-ds-base",
          "product": "Red Hat Directory Server 12",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Directory Server 13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Red Hat Security Research Team (Red Hat Inc.)."
        }
      ],
      "datePublic": "2026-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T15:40:05.143Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3189"
        },
        {
          "name": "RHSA-2026:3208",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3208"
        },
        {
          "name": "RHSA-2026:3379",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3379"
        },
        {
          "name": "RHSA-2026:3504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3504"
        },
        {
          "name": "RHSA-2026:4207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4207"
        },
        {
          "name": "RHSA-2026:4661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4661"
        },
        {
          "name": "RHSA-2026:4720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4720"
        },
        {
          "name": "RHSA-2026:5196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5196"
        },
        {
          "name": "RHSA-2026:5511",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5511"
        },
        {
          "name": "RHSA-2026:5512",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5512"
        },
        {
          "name": "RHSA-2026:5513",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5513"
        },
        {
          "name": "RHSA-2026:5514",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5514"
        },
        {
          "name": "RHSA-2026:5568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5568"
        },
        {
          "name": "RHSA-2026:5569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5569"
        },
        {
          "name": "RHSA-2026:5576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5576"
        },
        {
          "name": "RHSA-2026:5597",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5597"
        },
        {
          "name": "RHSA-2026:5598",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5598"
        },
        {
          "name": "RHSA-2026:6220",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6220"
        },
        {
          "name": "RHSA-2026:6268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6268"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14905"
        },
        {
          "name": "RHBZ#2423624",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-18T18:04:56.621Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-23T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-14905",
    "datePublished": "2026-02-23T15:41:47.976Z",
    "dateReserved": "2025-12-18T18:06:35.400Z",
    "dateUpdated": "2026-03-31T15:40:05.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:1753-1

CVE-2025-14905 (GCVE-0-2025-14905)

Tags

Sightings

Nomenclature