Vulnerability-Lookup

URL	Tags
https://github.com/sigstore/fulcio/security/advis…	x_refsource_CONFIRM
https://github.com/sigstore/fulcio/commit/765a0e5…	x_refsource_MISC

Vendor	Product	Version
sigstore	fulcio	Affected: < 1.8.3

CERTFR-2026-AVI-0249

Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Data Synchronization App versions antérieures à 3.3.0
IBM	Db2	DB2 Data Management Console versions antérieures à 3.1.13
IBM	Tivoli	Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité
IBM	Db2	DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à 5.3.1
IBM	QRadar	QRadar Pre-Validation App versions antérieures à 2.0.2

References

Title

Publication Time

cleanstart-2026-hf07497

Vulnerability from cleanstart

Published

2026-05-18 13:57

Modified

2026-05-02 06:11

Summary

Security fixes for CVE-2023-23991, CVE-2025-15558, CVE-2025-47907, CVE-2025-61728, CVE-2025-61730, CVE-2025-66506, CVE-2025-66564, CVE-2026-1229, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23992, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-24686, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, CVE-2026-39883, ghsa-2x5j-vhc8-9cwm, ghsa-6m8w-jc87-6cr7, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vvgc-356p-c3xw applied in versions: 1.14.4-r1, 1.14.4-r2, 1.14.5-r3, 1.14.5-r4, 1.14.5-r5, 1.14.5-r6, 1.14.5-r7

Details

Multiple security vulnerabilities affect the kyverno-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2023-23991	WEB
	https://osv.dev/vulnerability/CVE-2025-15558	WEB
	https://osv.dev/vulnerability/CVE-2025-47907	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-66506	WEB
	https://osv.dev/vulnerability/CVE-2025-66564	WEB
	https://osv.dev/vulnerability/CVE-2026-1229	WEB
	https://osv.dev/vulnerability/CVE-2026-22703	WEB
	https://osv.dev/vulnerability/CVE-2026-22772	WEB
	https://osv.dev/vulnerability/CVE-2026-23831	WEB
	https://osv.dev/vulnerability/CVE-2026-23992	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-24117	WEB
	https://osv.dev/vulnerability/CVE-2026-24137	WEB
	https://osv.dev/vulnerability/CVE-2026-24686	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-26958	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://osv.dev/vulnerability/CVE-2026-32289	WEB
	https://osv.dev/vulnerability/CVE-2026-32952	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/CVE-2026-33810	WEB
	https://osv.dev/vulnerability/CVE-2026-34986	WEB
	https://osv.dev/vulnerability/CVE-2026-39883	WEB
	https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm	WEB
	https://osv.dev/vulnerability/ghsa-6m8w-jc87-6cr7	WEB
	https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr	WEB
	https://osv.dev/vulnerability/ghsa-p436-gjf2-799p	WEB
	https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3	WEB
	https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj	WEB
	https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-23991	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-15558	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-66506	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-66564	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1229	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-22703	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-22772	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-23831	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-23992	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24117	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24686	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-26958	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32289	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32952	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33810	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34986	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39883	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "kyverno-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.5-r7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the kyverno-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-HF07497",
  "modified": "2026-05-02T06:11:19Z",
  "published": "2026-05-18T13:57:49.427045Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HF07497.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-23991"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-66506"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-66564"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-22703"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-22772"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-23831"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-23992"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24117"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24686"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32952"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6m8w-jc87-6cr7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p436-gjf2-799p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23991"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22703"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23831"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23992"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24117"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24686"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2023-23991, CVE-2025-15558, CVE-2025-47907, CVE-2025-61728, CVE-2025-61730, CVE-2025-66506, CVE-2025-66564, CVE-2026-1229, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23992, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-24686, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, CVE-2026-39883, ghsa-2x5j-vhc8-9cwm, ghsa-6m8w-jc87-6cr7, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vvgc-356p-c3xw applied in versions: 1.14.4-r1, 1.14.4-r2, 1.14.5-r3, 1.14.5-r4, 1.14.5-r5, 1.14.5-r6, 1.14.5-r7",
  "upstream": [
    "CVE-2023-23991",
    "CVE-2025-15558",
    "CVE-2025-47907",
    "CVE-2025-61728",
    "CVE-2025-61730",
    "CVE-2025-66506",
    "CVE-2025-66564",
    "CVE-2026-1229",
    "CVE-2026-22703",
    "CVE-2026-22772",
    "CVE-2026-23831",
    "CVE-2026-23992",
    "CVE-2026-24051",
    "CVE-2026-24117",
    "CVE-2026-24137",
    "CVE-2026-24686",
    "CVE-2026-25679",
    "CVE-2026-26958",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283",
    "CVE-2026-32289",
    "CVE-2026-32952",
    "CVE-2026-33186",
    "CVE-2026-33810",
    "CVE-2026-34986",
    "CVE-2026-39883",
    "ghsa-2x5j-vhc8-9cwm",
    "ghsa-6m8w-jc87-6cr7",
    "ghsa-fw7p-63qq-7hpr",
    "ghsa-p436-gjf2-799p",
    "ghsa-p77j-4mvh-x3m3",
    "ghsa-pjcq-xvwq-hhpj",
    "ghsa-vvgc-356p-c3xw"
  ]
}

FKIE_CVE-2025-66506

Vulnerability from fkie_nvd - Published: 2025-12-04 22:15 - Updated: 2026-03-10 19:30

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3.

References

	URL	Tags
	security-advisories@github.com	https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a	Patch
	security-advisories@github.com	https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw	Vendor Advisory

Impacted products

	Vendor	Product	Version
	linuxfoundation	fulcio	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:fulcio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4901884-0820-47DE-B4A7-E79A053D360D",
              "versionEndExcluding": "1.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This vulnerability is fixed in 1.8.3."
    }
  ],
  "id": "CVE-2025-66506",
  "lastModified": "2026-03-10T19:30:53.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-04T22:15:49.503",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-405"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-F83F-XPX7-FFPW

Vulnerability from github – Published: 2025-12-05 18:18 – Updated: 2025-12-05 18:18

Summary

Fulcio allocates excessive memory during token parsing

Details

Function identity.extractIssuerURL currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods.

As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification)

Details See identity.extractIssuerURL

Impact Excessive memory allocation

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/fulcio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66506"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-405"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-05T18:18:26Z",
    "nvd_published_at": "2025-12-04T22:15:49Z",
    "severity": "HIGH"
  },
  "details": "Function [identity.extractIssuerURL](https://github.com/sigstore/fulcio/blob/main/pkg/identity/issuerpool.go#L44-L45) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to `extractIssuerURL` incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\nDetails\nSee [identity.extractIssuerURL](https://github.com/sigstore/fulcio/blob/main/pkg/identity/issuerpool.go#L44-L45)\n\nImpact\nExcessive memory allocation",
  "id": "GHSA-f83f-xpx7-ffpw",
  "modified": "2025-12-05T18:18:26Z",
  "published": "2025-12-05T18:18:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/fulcio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fulcio allocates excessive memory during token parsing"
}

RHSA-2025:23202

Vulnerability from csaf_redhat - Published: 2025-12-15 15:29 - Updated: 2026-05-29 19:34

Summary

Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA)

Severity

Important

Notes

Topic: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA) is now available.

Details: Red Hat® AI Inference Server Model Optimization Tools

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-9230

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64		—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64		—	Vendor Fix fix

Threats

Impact Important

References

52 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:23202	self
https://access.redhat.com/security/cve/CVE-2025-22868	external
https://access.redhat.com/security/cve/CVE-2025-22869	external
https://access.redhat.com/security/cve/CVE-2025-52565	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/cve/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-9230	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396054	external
https://www.cve.org/CVERecord?id=CVE-2025-9230	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server Model Optimization Tools",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23202",
        "url": "https://access.redhat.com/errata/RHSA-2025:23202"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23202.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA)",
    "tracking": {
      "current_release_date": "2026-05-29T19:34:20+00:00",
      "generator": {
        "date": "2026-05-29T19:34:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:23202",
      "initial_release_date": "2025-12-15T15:29:01+00:00",
      "revision_history": [
        {
          "date": "2025-12-15T15:29:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-15T15:29:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T19:34:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
                  "product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3Afca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361184"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
                  "product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3Af083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361184"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64"
        },
        "product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:29:01+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23202",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23202"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d_arm64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:fca12d55fef49b9a67c8aa7c2c004adb8916b9784134b4e571067a615a7a4a2e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

RHSA-2025:23204

Vulnerability from csaf_redhat - Published: 2025-12-15 15:38 - Updated: 2026-05-29 19:34

Summary

Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (CUDA)

Severity

Important

Notes

Topic: Red Hat AI Inference Server 3.2.5 (CUDA) is now available.

Details: Red Hat® AI Inference Server

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-9230

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62372

A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-62593

A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64		—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64		—	Vendor Fix fix

Threats

Impact Important

References

82 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:23204	self
https://access.redhat.com/security/cve/CVE-2025-22868	external
https://access.redhat.com/security/cve/CVE-2025-22869	external
https://access.redhat.com/security/cve/CVE-2025-52565	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-62164	external
https://access.redhat.com/security/cve/CVE-2025-62372	external
https://access.redhat.com/security/cve/CVE-2025-62593	external
https://access.redhat.com/security/cve/CVE-2025-66448	external
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/cve/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-9230	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396054	external
https://www.cve.org/CVERecord?id=CVE-2025-9230	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-62164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416282	external
https://www.cve.org/CVERecord?id=CVE-2025-62164	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62164	external
https://github.com/vllm-project/vllm/commit/58fab…	external
https://github.com/vllm-project/vllm/pull/27204	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-62372	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416280	external
https://www.cve.org/CVERecord?id=CVE-2025-62372	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62372	external
https://github.com/vllm-project/vllm/pull/6613	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-62593	self
https://bugzilla.redhat.com/show_bug.cgi?id=2417394	external
https://www.cve.org/CVERecord?id=CVE-2025-62593	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62593	external
https://github.com/ray-project/ray/commit/70e7c72…	external
https://github.com/ray-project/ray/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-66448	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418152	external
https://www.cve.org/CVERecord?id=CVE-2025-66448	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66448	external
https://github.com/vllm-project/vllm/commit/ffb08…	external
https://github.com/vllm-project/vllm/pull/28126	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server 3.2.5 (CUDA) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23204",
        "url": "https://access.redhat.com/errata/RHSA-2025:23204"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62593",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62593"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23204.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (CUDA)",
    "tracking": {
      "current_release_date": "2026-05-29T19:34:22+00:00",
      "generator": {
        "date": "2026-05-29T19:34:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:23204",
      "initial_release_date": "2025-12-15T15:38:04+00:00",
      "revision_history": [
        {
          "date": "2025-12-15T15:38:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-15T15:38:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T19:34:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552580"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Af0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552580"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-62164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-21T02:01:11.280042+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        }
      ],
      "release_date": "2025-11-21T01:18:38.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
    },
    {
      "cve": "CVE-2025-62372",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2025-11-21T02:00:57.180567+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416280"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416280",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/6613",
          "url": "https://github.com/vllm-project/vllm/pull/6613"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
        }
      ],
      "release_date": "2025-11-21T01:22:37.121000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
    },
    {
      "cve": "CVE-2025-62593",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-11-26T23:01:25.307125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2417394"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Ray\u2019s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with \u201cMozilla\u201d, which can be manipulated under the fetch specification \u2014 enabling a DNS-rebinding attack to bypass browser-based protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62593"
        },
        {
          "category": "external",
          "summary": "RHBZ#2417394",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417394"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62593",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593"
        },
        {
          "category": "external",
          "summary": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09",
          "url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
        },
        {
          "category": "external",
          "summary": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v",
          "url": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v"
        }
      ],
      "release_date": "2025-11-26T22:28:28.577000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack"
    },
    {
      "cve": "CVE-2025-66448",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:07.198041+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/28126",
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        }
      ],
      "release_date": "2025-12-01T22:45:42.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
    },
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:04+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23204",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23204"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:f0ab1b678e9447eae4b6b2fe5c58531aa8524133db157f196726164e4dc20492_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

RHSA-2025:23205

Vulnerability from csaf_redhat - Published: 2025-12-15 15:38 - Updated: 2026-05-29 19:34

Summary

Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)

Severity

Important

Notes

Topic: Red Hat AI Inference Server 3.2.5 (ROCm) is now available.

Details: Red Hat® AI Inference Server

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-9230

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-47906

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-440 - Expected Behavior Violation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62372

A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64		—	Vendor Fix fix

Threats

Impact Important

References

84 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:23205	self
https://access.redhat.com/security/cve/CVE-2025-22868	external
https://access.redhat.com/security/cve/CVE-2025-22869	external
https://access.redhat.com/security/cve/CVE-2025-47906	external
https://access.redhat.com/security/cve/CVE-2025-52565	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-62164	external
https://access.redhat.com/security/cve/CVE-2025-62372	external
https://access.redhat.com/security/cve/CVE-2025-66448	external
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/cve/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-9230	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396054	external
https://www.cve.org/CVERecord?id=CVE-2025-9230	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-47906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396546	external
https://www.cve.org/CVERecord?id=CVE-2025-47906	external
https://nvd.nist.gov/vuln/detail/CVE-2025-47906	external
https://go.dev/cl/691775	external
https://go.dev/issue/74466	external
https://groups.google.com/g/golang-announce/c/x5M…	external
https://pkg.go.dev/vuln/GO-2025-3956	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-62164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416282	external
https://www.cve.org/CVERecord?id=CVE-2025-62164	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62164	external
https://github.com/vllm-project/vllm/commit/58fab…	external
https://github.com/vllm-project/vllm/pull/27204	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-62372	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416280	external
https://www.cve.org/CVERecord?id=CVE-2025-62372	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62372	external
https://github.com/vllm-project/vllm/pull/6613	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66448	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418152	external
https://www.cve.org/CVERecord?id=CVE-2025-66448	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66448	external
https://github.com/vllm-project/vllm/commit/ffb08…	external
https://github.com/vllm-project/vllm/pull/28126	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23205",
        "url": "https://access.redhat.com/errata/RHSA-2025:23205"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
        "url": "https://access.redhat.com/security/cve/CVE-2025-47906"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23205.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
    "tracking": {
      "current_release_date": "2026-05-29T19:34:22+00:00",
      "generator": {
        "date": "2026-05-29T19:34:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:23205",
      "initial_release_date": "2025-12-15T15:38:07+00:00",
      "revision_history": [
        {
          "date": "2025-12-15T15:38:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-15T15:38:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T19:34:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ae3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765361180"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-47906",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "discovery_date": "2025-09-18T19:00:47.541046+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396546"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "os/exec: Unexpected paths returned from LookPath in os/exec",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396546",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/691775",
          "url": "https://go.dev/cl/691775"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/74466",
          "url": "https://go.dev/issue/74466"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
          "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3956",
          "url": "https://pkg.go.dev/vuln/GO-2025-3956"
        }
      ],
      "release_date": "2025-09-18T18:41:11.847000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "os/exec: Unexpected paths returned from LookPath in os/exec"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-62164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-21T02:01:11.280042+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        }
      ],
      "release_date": "2025-11-21T01:18:38.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
    },
    {
      "cve": "CVE-2025-62372",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2025-11-21T02:00:57.180567+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416280"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416280",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/6613",
          "url": "https://github.com/vllm-project/vllm/pull/6613"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
        }
      ],
      "release_date": "2025-11-21T01:22:37.121000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
    },
    {
      "cve": "CVE-2025-66448",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:07.198041+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/28126",
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        }
      ],
      "release_date": "2025-12-01T22:45:42.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
    },
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:38:07+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23205",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23205"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

RHSA-2025:23209

Vulnerability from csaf_redhat - Published: 2025-12-15 15:50 - Updated: 2026-05-29 19:34

Summary

Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)

Severity

Important

Notes

Topic: Red Hat AI Inference Server 3.2.5 (TPU) is now available.

Details: Red Hat® AI Inference Server

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-9230

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62372

A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64		—	Vendor Fix fix

Threats

Impact Important

References

75 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:23209	self
https://access.redhat.com/security/cve/CVE-2025-66448	external
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/cve/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://access.redhat.com/security/cve/CVE-2025-22868	external
https://access.redhat.com/security/cve/CVE-2025-22869	external
https://access.redhat.com/security/cve/CVE-2025-52565	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-62372	external
https://access.redhat.com/security/cve/CVE-2025-62164	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-9230	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396054	external
https://www.cve.org/CVERecord?id=CVE-2025-9230	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-62164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416282	external
https://www.cve.org/CVERecord?id=CVE-2025-62164	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62164	external
https://github.com/vllm-project/vllm/commit/58fab…	external
https://github.com/vllm-project/vllm/pull/27204	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-62372	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416280	external
https://www.cve.org/CVERecord?id=CVE-2025-62372	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62372	external
https://github.com/vllm-project/vllm/pull/6613	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66448	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418152	external
https://www.cve.org/CVERecord?id=CVE-2025-66448	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66448	external
https://github.com/vllm-project/vllm/commit/ffb08…	external
https://github.com/vllm-project/vllm/pull/28126	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server 3.2.5 (TPU) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23209",
        "url": "https://access.redhat.com/errata/RHSA-2025:23209"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23209.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (TPU)",
    "tracking": {
      "current_release_date": "2026-05-29T19:34:22+00:00",
      "generator": {
        "date": "2026-05-29T19:34:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:23209",
      "initial_release_date": "2025-12-15T15:50:15+00:00",
      "revision_history": [
        {
          "date": "2025-12-15T15:50:15+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-15T15:50:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T19:34:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-tpu-rhel9@sha256%3A64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552619"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-62164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-21T02:01:11.280042+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        }
      ],
      "release_date": "2025-11-21T01:18:38.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
    },
    {
      "cve": "CVE-2025-62372",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2025-11-21T02:00:57.180567+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416280"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416280",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/6613",
          "url": "https://github.com/vllm-project/vllm/pull/6613"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
        }
      ],
      "release_date": "2025-11-21T01:22:37.121000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
    },
    {
      "cve": "CVE-2025-66448",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:07.198041+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/28126",
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        }
      ],
      "release_date": "2025-12-01T22:45:42.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
    },
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T15:50:15+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23209",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23209"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-tpu-rhel9@sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

RHSA-2025:23449

Vulnerability from csaf_redhat - Published: 2025-12-17 08:22 - Updated: 2026-05-29 19:34

Summary

Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)

Severity

Important

Notes

Topic: Red Hat AI Inference Server 3.2.5 (ROCm) is now available.

Details: Red Hat® AI Inference Server

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-9230

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-9714

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-47906

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-440 - Expected Behavior Violation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-62372

A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64		—	Vendor Fix fix

Threats

Impact Important

References

84 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:23449	self
https://access.redhat.com/security/cve/CVE-2025-22868	external
https://access.redhat.com/security/cve/CVE-2025-22869	external
https://access.redhat.com/security/cve/CVE-2025-47906	external
https://access.redhat.com/security/cve/CVE-2025-52565	external
https://access.redhat.com/security/cve/CVE-2025-59375	external
https://access.redhat.com/security/cve/CVE-2025-62164	external
https://access.redhat.com/security/cve/CVE-2025-62372	external
https://access.redhat.com/security/cve/CVE-2025-66448	external
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/cve/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-9230	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396054	external
https://www.cve.org/CVERecord?id=CVE-2025-9230	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9230	external
https://access.redhat.com/security/cve/CVE-2025-9714	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392605	external
https://www.cve.org/CVERecord?id=CVE-2025-9714	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9714	external
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6…	external
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-47906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2396546	external
https://www.cve.org/CVERecord?id=CVE-2025-47906	external
https://nvd.nist.gov/vuln/detail/CVE-2025-47906	external
https://go.dev/cl/691775	external
https://go.dev/issue/74466	external
https://groups.google.com/g/golang-announce/c/x5M…	external
https://pkg.go.dev/vuln/GO-2025-3956	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://access.redhat.com/security/cve/CVE-2025-62164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416282	external
https://www.cve.org/CVERecord?id=CVE-2025-62164	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62164	external
https://github.com/vllm-project/vllm/commit/58fab…	external
https://github.com/vllm-project/vllm/pull/27204	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-62372	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416280	external
https://www.cve.org/CVERecord?id=CVE-2025-62372	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62372	external
https://github.com/vllm-project/vllm/pull/6613	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66448	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418152	external
https://www.cve.org/CVERecord?id=CVE-2025-66448	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66448	external
https://github.com/vllm-project/vllm/commit/ffb08…	external
https://github.com/vllm-project/vllm/pull/28126	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23449",
        "url": "https://access.redhat.com/errata/RHSA-2025:23449"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
        "url": "https://access.redhat.com/security/cve/CVE-2025-47906"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23449.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
    "tracking": {
      "current_release_date": "2026-05-29T19:34:23+00:00",
      "generator": {
        "date": "2026-05-29T19:34:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:23449",
      "initial_release_date": "2025-12-17T08:22:31+00:00",
      "revision_history": [
        {
          "date": "2025-12-17T08:22:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-17T08:22:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T19:34:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ac5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552603"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-17T12:15:34.387000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
        }
      ],
      "release_date": "2025-09-30T23:59:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-47906",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "discovery_date": "2025-09-18T19:00:47.541046+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396546"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "os/exec: Unexpected paths returned from LookPath in os/exec",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396546",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/691775",
          "url": "https://go.dev/cl/691775"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/74466",
          "url": "https://go.dev/issue/74466"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
          "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3956",
          "url": "https://pkg.go.dev/vuln/GO-2025-3956"
        }
      ],
      "release_date": "2025-09-18T18:41:11.847000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "os/exec: Unexpected paths returned from LookPath in os/exec"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2025-62164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-21T02:01:11.280042+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        }
      ],
      "release_date": "2025-11-21T01:18:38.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
    },
    {
      "cve": "CVE-2025-62372",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2025-11-21T02:00:57.180567+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416280"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416280",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/6613",
          "url": "https://github.com/vllm-project/vllm/pull/6613"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
        }
      ],
      "release_date": "2025-11-21T01:22:37.121000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
    },
    {
      "cve": "CVE-2025-66448",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:07.198041+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/28126",
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        }
      ],
      "release_date": "2025-12-01T22:45:42.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
    },
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-17T08:22:31+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23449"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

RHSA-2026:1049

Vulnerability from csaf_redhat - Published: 2026-01-22 21:04 - Updated: 2026-05-29 14:57

Summary

Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.0

Severity

Important

Notes

Topic: The 1.21.0 GA release of Red Hat OpenShift Pipelines Operator.. For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).

Details: The 1.21.0 release of Red Hat OpenShift Pipelines Operator.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64		—	Vendor Fix fix

Known not affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x		—
Unresolved product id: Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64		—

Threats

Impact Important

References

11 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:1049	self
https://access.redhat.com/security/cve/CVE-2025-66506	external
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-66506	self
https://bugzilla.redhat.com/show_bug.cgi?id=2419056	external
https://www.cve.org/CVERecord?id=CVE-2025-66506	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66506	external
https://github.com/sigstore/fulcio/commit/765a0e5…	external
https://github.com/sigstore/fulcio/security/advis…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The 1.21.0 GA release of Red Hat OpenShift Pipelines Operator..\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The 1.21.0 release of Red Hat OpenShift Pipelines Operator.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:1049",
        "url": "https://access.redhat.com/errata/RHSA-2026:1049"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
        "url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1049.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.0",
    "tracking": {
      "current_release_date": "2026-05-29T14:57:50+00:00",
      "generator": {
        "date": "2026-05-29T14:57:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:1049",
      "initial_release_date": "2026-01-22T21:04:37+00:00",
      "revision_history": [
        {
          "date": "2026-01-22T21:04:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-22T21:04:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T14:57:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Pipelines 1.21",
                "product": {
                  "name": "Red Hat OpenShift Pipelines 1.21",
                  "product_id": "Red Hat OpenShift Pipelines 1.21",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_pipelines:1.21::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Pipelines"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-bundle@sha256%3Aa5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769115266"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3Ab574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-rhel9-operator@sha256%3Abf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114738"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3Ae3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
                  "product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1769114612"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64 as a component of Red Hat OpenShift Pipelines 1.21",
          "product_id": "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66506",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-12-04T23:01:20.507333+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
          "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
          "url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
        },
        {
          "category": "external",
          "summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
          "url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
        }
      ],
      "release_date": "2025-12-04T22:04:41.637000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-22T21:04:37+00:00",
          "details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
          "product_ids": [
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:a5672822c8a59e50317d79a697d7e93c9fca27df13dcbd999c3c7a18475243a2_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:15d40f853744265a1f4f64e29d1da73056d87033faa393f17e2da75d19265008_arm64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:25aeacd4b3dc9fdc04f3d88b128658c8574798d125efff9496f7a936d85ceb04_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:65dda4d1773b5cbb5b192aea81186aacb8e200d5c033527fcc9b236125382df3_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:e3475b5cd64b0a9e597f31fe7b6a7847b2bf924ce4feb123ebbf8e3424938f67_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:190f972cbf4951f32ccc666075c0c64751a98b4ac95f7b5762b39605084f4938_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:511e668c1ffc13395f57cd53983b4ba6d76a7e4004d8a845bb940d86d775ada6_arm64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:81280d1b2568f74e265a8ab579581b44843e6841be4aa55562df84298cceda99_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:b574aec30943382079ea6c60df7aacce77fe3caacf366a08fe2c37769061a1bd_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:055d60f1ce44fdab089475c7fcbadb2764fdb453c05bba7ec918af82e4a2c7c1_amd64",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:258f160b7fcb75aea2ebf51b9163c58eaad1dc0fbd9285a411564a5f93e8a190_ppc64le",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:87ee30c0e63990331d779ff146fc811bd385f352c7c1d5b57d6d06fac2867f7b_s390x",
            "Red Hat OpenShift Pipelines 1.21:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:bf1e73f5e9c64d63fa6c283617834f59d11c642ad92bf6ac08ebb0d4b0d2e089_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
    }
  ]
}

CVE-2025-66506 (GCVE-0-2025-66506)

Tags

Sightings

Nomenclature

Action not permitted

CVE-2025-66506 (GCVE-0-2025-66506)

Solutions

Vulnerability from cleanstart

Tags

Sightings

Nomenclature